When you find a vulnerability in a free, open-source operating system, it's not that big of a deal, because those things happen and will keep on happening. But when you find a vulnerability that's been sitting there for nine years, that's a problem. After nine years, the vulnerability is probably present in millions of devices. It's an even bigger problem when that operating system is Linux, which is found in God knows how many servers and serves as the base of Android, one of the most popular mobile operating systems in the world.
The vulnerability, recently uncovered by researcher Phil Oester, is called CVE-2016-5195 and nicknamed Dirty Cow (Cow is short for copy-on-write). It allows an attacker who has already gained some privilege on a device to leverage it to gain full control. Researchers have played down the importance of Dirty Cow, saying this vulnerability should not be considered a bigger threat than any other vulnerability found in Linux.
“All the boring normal bugs are way more important, just because there’s a lot more of them. I don’t think some spectacular security hole should be glorified or cared about as being any more ‘special’ than a random spectacular crash due to bad locking,” The Guardian quotes the researcher.
Red Hat, Debian and Ubuntu have already issued patches, and companies like Google and Samsung are expected to issue patches for their devices running Android as well. The real problem lies with low-budget devices and those with poor support: they will most likely never get fixed.