A new, severe vulnerability is putting Linux computers and many Android phones at risk.
According to Ars Technica the new vulnerability has been dubbed “Dirty Pipe.” The issue allows anyone with an account “to add an SSH key to the root user’s account.” Once done, the user would be able to remotely access to the machine with full root access.
The vulnerability can also be used for other exploits, such as overwriting read-only files, creating a root shell, setting up a backdoor, and more.
In addition to impacting computers with Linux installed, the vulnerability also impacts some versions of Android, since the mobile OS runs a modified version of the Linux kernel. While some might be inclined to believe newer versions of Android would be immune, the exact opposite is the case.
Newer devices, like the Pixel 6 and Samsung S22 run newer versions of the Android kernel, which are vulnerable to the exploit. In contrast, older devices like the Pixel 4 are running older versions of the kernel, which are not vulnerable.
All Linux and Android users should be on the lookout for a security update.