Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 12 MINUTES AGO.
You are here: Home / Data Security / Android Security Update Released
Google Releases Major New Security Update for Android
Google Releases Major New Security Update for Android
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
05
2016
Some of the biggest Android security flaws on Nexus devices are getting fixed today, thanks to a new monthly update from Google. In fact, so many bugs are addressed in the patch that the upgrade is the largest to date since the company began issuing regular monthly fixes for Nexus phones last year.

Among the 39 vulnerabilities addressed in the over-the-air update are some of the most serious security issues the company has discovered in recent months. The most severe is a critical bug that could enable remote code execution on an affected device through multiple methods such as e-mail, Web browsing, and MMS (multimedia messaging service) when processing media files.

Rooting Vulnerabilities Addressed

The update is part of Google’s Android Security Bulletin Monthly Release process. Included in the patch are eight security issues the company rated as “critical," its highest severity rating. An additional 13 were given a “high” severity rating. The severity assessment is based on the effect that exploiting a vulnerability might have on an affected device.

The company said that the patch should go a long way toward shoring up Android’s security. The platform’s reputation has taken some hits recently following the publication of a number of vulnerabilities discovered by mobile security firms, including several applications able to root users' devices without their knowledge. The company said that despite the existence of the vulnerability, it hasn't received any reports of active exploitation of users.

This release should address the rooting vulnerabilities. “Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform,” Google said in its security bulletin. “We encourage all users to update to the latest version of Android where possible.”

Google said its Android security team is actively monitoring third-party apps for signs of abuse or malicious behavior to give users a heads-up about potentially dangerous applications.

Verify Apps

Although this latest update should take care of the current crop of rooting vulnerabilities, the company said it isn’t taking any chances. Among the enhancements included in the latest version is a feature called Verify Apps, which is enabled by default.

Verify Apps attempts to identify and block installation of known malicious applications that either root devices or exploit a privilege escalation vulnerability. It can also identify malicious applications that are already installed and attempt to remove them.

Most of the critical vulnerabilities fixed in this upgrade stemmed from problems with either the Dynamic Host Configuration Protocol service, or the mediaserver, which allowed attackers to hijack the device through malicious code buried in video and audio files.

That includes the libstagefright (Stagefright) remote code execution vulnerability, a problem that has plagued the company for a while. Google said the affected functionality is a core part of the operating system, and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.

Tell Us What You Think
Comment:

Name:

Samuel Cohen:
Posted: 2016-04-16 @ 2:10am PT
Does it Flaw Linux? Twitter Telegram Bug?

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.