Google Patches and Doesn’t Patch Dirty COW Bug
Although Google is quite active at disclosing vulnerabilities in Microsoft's products, the search engine giant isn’t that proactive in patching critical bugs in its own products. Google released the November updates for Android, which missed patches for the critical Dirty COW bug that was disclosed recently. Every single Android device is therefore vulnerable.
There is good news for Nexus and Pixel users. Dirty COW patch is missing from the official November Android update, but Google has released a supplement update for its own devices (Nexus and Pixel) that patches the bug. So far, Samsung is the only other hardware vendor that has independently patched the Dirty COW bug.
Dirty COW is a Linux Kernel bug that has been around for years and was disclosed only recently. According to researchers who discovered the bug, “an unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."
The Linux kernel community acted swiftly and patched the bug immediately. Major Linux distributions have already pushed updates to patch the bug.