A graduate student at Northwestern University (Chicago) has published a video demonstrating a hack of the Google Pixel 6 that uses a newly disclosed zero-day vulnerability in Android. The flaw lets an attacker take control of the system and alter the settings of the platform's standard security mechanisms.
According to the Twitter post, the author of the finding used the exploit to gain read/write access to arbitrary files, escalate privileges to root and disable SELinux access control, all without resorting to control-flow hijacking. The vulnerability also affects the Pixel 6 Pro, the Samsung Galaxy S22 and other Android devices running Linux kernel version 5.10.
Details of the 0-day will be disclosed in August at the Black Hat USA 2022 conference. Judging by the talk abstract, the speakers classify the bug as a double free and consider their PoC a generalized but more powerful variant of Dirty Pipe: their exploit can also be used to escape a container on Linux.
Recall that CVE-2022-0847, which became known as Dirty Pipe, also allows privilege escalation on Linux to superuser level by overwriting files, bypassing all of the kernel's protective mechanisms. However, that attack relies on the Linux pipe implementation in kernel version 5.8 and above. The new approach, according to the authors, not only achieves the same effect but also makes it possible to build a universal exploit that does not depend on the Linux kernel version or on the architecture of the distribution.
Google has already taken note of the dangerous finding; no CVE identifier has yet been assigned to it, and a fix may have to wait until September. Fortunately, this is not an RCE whose exploitation requires no user interaction. Nevertheless, experts warn that the threat is real even for devices with the July updates, so until the patch is released users would do well to hold off on installing applications from untrusted sources.
Back in March, experts had already used Dirty Pipe to obtain root on the Pixel 6 Pro and Samsung S22. Researchers from Grapl demonstrated an attack vector that allows an attacker to quietly steal account credentials, photos and files, read messages, and so on.