14 DAY TRIAL // The so-called Dirty Cow flaw was discovered and reported only last month, even though it's been present in some form in all Android devices since the release of the operating system.
However, there should have been enough time for Google to patch the rooting bug and provide the fix in the November security update that's just been released for Nexus and Pixel devices.
Unfortunately, Ars Technica reports that the November security patch does not contain a fix for the dreaded Dirty Cow flaw. For the non-tech-savvies, the Dirty Cow bug is an escalation-of-privilege, which was added to the core of the Linux kernel back in 2007, which is why it affects all Android versions.
Since this is a major exploit that hackers can take advantage of very easily, it's a big surprise that Google hasn't found the time to patch it. Apparently, the now well-known vulnerability is already being exploited maliciously against Linux servers so that untrusted users can gain “root” privileges.
The same exploit was used to unlock Verizon Pixel's bootloader
But Android fans are using the Dirty Cow bug to root their phones. In fact, the last smartphone that “benefited” from the exploit was the Verizon Pixel phone, which had its bootloader unlocked using this method.
Many thought that Google would patch the issue in the November security update and advised those with Verizon Pixel phones to wait a bit before updating if they want their bootloader to remain unlocked.
Well, it appears that half a month wasn't enough for Google to address the Dirty Cow rooting bug, as the search giant explains that the security patches are released a month after being made available to manufacturers.
Basically, this means that the November security patch was ready about a month ago, but it's only been released recently. Here is to hoping the December update will contain a fix for this critical flaw.