Critical "Dirty Cow" Android exploit not fixed by November Android security patch
The technique is popular among apps for rooting Android devices, as it lets developers circumvent manufacturer and operating system limitations in order to gain root access. However, the exploit can be incorporated into malicious apps so that they sidestep existing Android security measures. In January this year, security researchers reported at least 13 apps in the Google Play store that exploit rooting vulnerabilities, including Dirty Cow.
Google claims a patch for the loophole will be released in December. Unfortunately, the security updates that Google releases only reach Nexus/Pixel devices and a small number of phones by companies such as Samsung. This means the overwhelming majority of Android smartphones out in the wild will remain vulnerable possibly forever.
source: ARS Technica