Déjà vu: Another serious security vulnerability discovered in Pixel 6 and Galaxy S22

By Scott Marlette Last updated Jul 7, 2022

Kernel security expert Zhenpeng Lin has discovered a flaw in the Pixel 6 that could give read/write privileges to bad actors and allow them to disable the Security-Enhanced Linux (SELinux) architecture that allows administrators to have more control over who can access a particular system.

The bug affects all handsets based on Linux kernel version 5.10, including the Pixel 6 Pro and the Galaxy S22 range. The list may also include other recent devices that launched with Android 12.

One more thing: all phones based on kernel v5.10 are affected, including Samsung S22

— Zhenpeng Lin (@Markak_) July 6, 2022

Lin has shown the bug in action on Twitter. Android Police reports that Google was informed about it after the video was put up on Twitter. This is unlikely to obliterate his chances of getting a payout from the Mountain View giant though because he did not disclose the full set of instructions for how the vulnerability works.

Apparently, an attacker could use some sort of memory access exploit to wreak havoc. This is similar to how the Dirty Pipe vulnerability affected the Galaxy S22 and Pixel 6 which were released with Linux Kernel versions 5.8.

Lin thinks the video is just a proof of concept and was published to warn end-users before the problem is fixed. He hasn’t said what users should do to protect themselves.

Google and Samsung are yet to speak about the issue so it’s hard to say when it might be patched. Android Police believes that given how things work, a fix could arrive in September. Other vendors are free to act faster and issue a fix before Google, which is what Samsung did with Dirty Pipe.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.