Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Mobile Tech / Google Fixes Android Security Flaws
Google Releases Fixes for New Android Flaws
Google Releases Fixes for New Android Flaws
By Shirley Siluk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Among the Android security patches released by Google this week are fixes for several critical vulnerabilities, including one for the mediaserver component that saw several other major problems last year.

In the wake of several severe Android vulnerabilities that emerged over the summer, Google and other companies that produce Android devices said they would begin issuing monthly updates to address security problems. One vulnerability, linked to the Stagefright media library, was believed to have exposed as many as 960 million Android devices to possible hack attacks.

According to Google's lead engineer for Android Security, the Stagefright fix was likely "the single largest software update the world has ever seen." No reports have linked the latest Android vulnerabilities, patched yesterday, to any active customer exploitation, Google said.

OTA Updates for Nexus Devices

Google's own Nexus devices began receiving the most recent security fixes via over-the-air updates, according to the January 2016 Android Security Bulletin posted yesterday. Android partners were notified about the latest issues and provided with security updates on or before December 7, the bulletin added.

Source code patches for all the most recently identified vulnerabilities will also be released to the Android Open Source Project repository by tomorrow, according to the bulletin.

Twelve vulnerabilities in all were addressed in this latest security update. They included a critical-severity bug that left open the possibility of remote code execution in the Android mediaserver, which could be hacked via "multiple methods such as e-mail, Web browsing, and MMS when processing media files." Four other critical vulnerabilities could allow malicious actors to elevate privileges and gain access to devices.

Monthly Updates, but Not All Devices Fixed

The remaining vulnerabilities included two of high severity, and five labeled "moderate" severity. "The severity assessment is based on the effect that exploiting the vulnerability would have on an affected device, assuming the platform and service mitigations are disabled for development purposes or if successfully bypassed," according to the security bulletin,

First identified by the enterprise mobile security firm Zimperium in July, the Stagefright bug left open the potential for hackers to remotely execute code and escalate privileges on affected devices, often without any action required by the device owner.

Given the massive number of devices potentially affected by Stagefright, Certifi-Gate and other vulnerabilities that emerged over the summer, Google, Samsung and LG began rolling out monthly security updates for their Android devices.

Just last month, Zimperium posted a video demonstration on its blog showing how members of its team were able to access a new Nexus 6 smartphone by sending a text message that opened a malicious link. That enabled the team to gain access to the phone's personal photos, GPS data, camera images and even conversations. Many Android devices have still not received the update to fix that vulnerability, Zimperium added.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.