Pixel 6 and other recent flagship Android phones at risk: flaw in Linux kernel 5.10+
A new vulnerability has emerged in Google's latest top-of-the-range smartphones, the Pixel 6 and Pixel 6 Pro; or rather, it is more accurate to say that it was demonstrated on a Pixel 6 and found in version 5.10 of the Linux kernel, so that all devices based on that kernel, including for example Samsung's Galaxy S22 (including the Plus and Ultra variants) and ASUS's ROG Phone 6 (and its Pro version), are in all likelihood at risk. The flaw was discovered by Northwestern University researcher and student Zhenpeng Lin, who posted a demonstration on Twitter.
Within seconds the Pixel 6 was completely pwned, as they say: the exploit written by the researcher is able to read and write data regardless of operating system controls, and from there to escalate its privileges to root and disable SELinux security protections. Technical details of the vulnerability have not been publicly disclosed; however, Lin notified Google of the problem only after posting the proof of concept on Twitter.
The latest Google Pixel 6 pwned with a 0day in kernel! Achieved arbitrary read / write to escalate privilege and disable SELinux without hijacking control flow. The bug also affects Pixel 6 Pro, other Pixels are not affected 🙂 pic.twitter.com/UsOI3ZbN3L
– Zhenpeng Lin (@Markak_) July 5, 2022
At this stage, therefore, it is not entirely clear how the exploit can be carried out, which has a huge bearing on its actual danger (put simply: if it can be launched remotely without the user having to interact in any way it is one thing; if instead a cable is needed and the smartphone must be unlocked it is quite another). We are awaiting a response from Google and the other manufacturers.
It could be argued that Lin did not follow standard industry practice for disclosing potentially critical bugs. Generally, the companies involved are notified privately first so that they have time to develop a corrective patch and distribute it. There is usually a set number of days (depending on the researcher and the severity) between the first notification and the publication of full details, so that the vendor has an incentive to work quickly. Lin argues that what he posted is merely a demonstration, but we will have to see what Google's security team thinks. There may be problems with payment of the reward if it is determined that the procedure was not followed correctly.