Home Forums Hacking Tools Google Patches 19 Vulnerabilities In Android

This topic contains 0 replies, has 0 voices, and was last updated by  admin 11 months, 3 weeks ago.

  • Author
    Posts
  • #12089

    admin
    Keymaster
    • Topics: 2752
    • Replies: 3
    • Total : 2755

    Recently, Google has released the security update for its Android Nexus devices(Android Open Source Project(AOSP)), in March 2016. During this update around 19 security issues has been fixed by Google. Four major holes were patched by this update, along with a lot of other vulnerabilities.

    Among those 19 updates: 10 were considered as “HIGH”, 4 were considered as “CRITICAL” and 2 were considered as “MODERATE”. So, many flaws and vulnerabilities were there that were all now patched by the Google. The patches include vulnerabilities with Android’s media server, Stagefright vulnerabilities, Qualcomm performance component etc. Within these patches, Android’s Media Server is a kind of service by which the device can easily index media files that are located on device and Qualcomm performance could be triggered to allow elevation of privilege vulnerability. Qualcomm performance component also enables to execute arbitrary code by the local malicious application in Kernel.

    ▼Advertisements

    Google notes that
     

    “The affected functionality is provided as a core part of the operating system, and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media, The media server service has access to audio and video streams as well as access to privileges that third-party apps could not normally access.”

    ▼Advertisements

    Whatever the critical vulnerabilities patched in the update were not an indication of any active customer exploitation, that all were found internally by Google.
    Google explained by the issue Qualcomm performance component that

    “This issue is rated as a critical severity due to the possibility of a local permanent device compromise, and the device could only be repaired by re-flashing the operating system” 

    The places where these critical vulnerabilities found were:
    • Android’s Display Driver.
    • Skia graphics library media server.
    • Mobile operating system’s kernel.

    In one of the Google blog post said,

    “Android was built from day one with security in mind, Security continues to be a top priority and monthly device updates are yet another tool to make and keep Android users safe.”

    The vulnerability was in operating system’s core (Kernel) could increase the third-party software or privilege level and the other critical flaws exploited the remotely execute code.
    All fixed issue list are here

You must be logged in to reply to this topic.

Share on Facebook0Share on Google+0Tweet about this on TwitterShare on Reddit0Email this to someonePrint this pageShare on StumbleUpon0Digg thisPin on Pinterest0Share on LinkedIn0

Back to Top ↑