Android’s May security update is out, and that means the Pixel 6 is finally getting a patch for the Dirty Pipe vulnerability. The update comes one month after Samsung shipped Google’s patch to the Galaxy S22, but at least it is finally arriving.
Dirty Pipe, aka CVE-2022-0847, is one of the biggest Linux vulnerabilities to come around in recent years. The vulnerability lets an unprivileged user overwrite data that’s supposed to be read-only, which could lead to privilege escalation. Android actually has a working demo of this. Twitter user @Fire30_ demoed using the bug to root a Pixel 6. Linux devices running 5.8 and up are affected, and after the vulnerability was discovered on February 19, patches for PC distributions of Linux began rolling out after 17 days.
Android has been a different story, though. First, not that many devices run Linux kernel 5.8 yet. Despite that version releasing in August 2020, Android only jumped from 5.4 to 5.10 with the release of Android 12 in November. Since existing devices usually don't jump major kernel versions when they get an Android update, that means only new devices shipping with Android 12 have kernel 5.10. That is a very small number of new devices that launched in the past eight months or so: namely the Pixel 6, Galaxy S22, and OnePlus 10 Pro.
According to the researcher who discovered the flaw, Google fixed Dirty Pipe in the Android codebase on February 23. Samsung took that code from Google and rolled it out to the Galaxy S22 last month, but Google ended up waiting a whole extra month, and it is finally arriving for Pixel 6 users this week. OnePlus is still a laggard.
Google categorizes Dirty Pipe as only “high” severity, which explains why the company hasn’t quickly pushed out an update. Dirty Pipe doesn't hit the level of a “critical” vulnerability on Android because it isn’t remotely exploitable. You need to have local access to use the exploit, and as long as there are no other known vulnerabilities, you should be safe if you don't install anything malicious.
In other Android update news, the end of the line for the midrange Pixel 3a is in sight. With three years of major OS updates, May 2022 marks the Pixel 3a’s last officially promised OS release. Google told 9to5Google that the device would get one final update by July 2022.