Google published the April Android security update earlier this week, however it did not contain a remedy for the 'Dirty Pipe' security flaw, which was widely exposed last month. Even while most smartphones will most likely not be repaired until the May update, certain manufacturers, like Google, have begun to patch their own devices.
Dirty Pipe (CVE-2022-0847) is a Linux kernel vulnerability that allows someone to inject and rewrite data in read-only processes while without having root or admin privileges. The vulnerability has previously been exploited to acquire temporary root access on Android, but it may also be exploited to allow malware and other unknown apps to gain system access.
Dirty Pipe is now patched in the Linux kernel (versions 5.16.11, 5.15.25, and 5.10.102), as well as the Android Linux kernel, although the patch was not included in the April security update. It'll most likely be included in the May update, but not everyone wants to wait that long. The fix is included in certain modified kernels for the Pixel 6 and Pixel 6 Pro, including the Kirisakura kernel. The patched kernel version is included in Google's Android QPR3 Beta 2 for the Pixel 6 and Pixel 6 Pro, which was published on Thursday.
As part of the April 2022 update for Galaxy smartphones, Samsung appears to be the only manufacturer handing out a remedy to phones running stable software — the company's security bulletin references CVE-2022-0847, and the upgrade has been validated to thwart Dirty Pipe attacks. The Xiaomi 12/12 Pro appear to be still susceptible, since they have not received a security update since their first release in February. OnePlus has failed to disclose the source code for its April upgrade.
We'll have to observe which manufacturers wait for the May upgrade and which firms provide an update sooner (as Samsung is doing). In any case, you should generally avoid installing questionable APKs for the time being.
