News

Google Patches 19 Vulnerabilities In Android

android-doll-stock-robot_1020.0

Recently, Google has released the security update for its Android Nexus devices(Android Open Source Project(AOSP)), in March 2016. During this update around 19 security issues has been fixed by Google. Four major holes were patched by this update, along with a lot of other vulnerabilities. 

Among those 19 updates: 10 were considered as “HIGH”, 4 were considered as “CRITICAL” and 2 were considered as “MODERATE”. So, many flaws and vulnerabilities were there that were all now patched by the Google. The patches include vulnerabilities with Android’s media server, Stagefright vulnerabilities, Qualcomm performance component etc. Within these patches, Android’s Media Server is a kind of service by which the device can easily index media files that are located on device and Qualcomm performance could be triggered to allow elevation of privilege vulnerability. Qualcomm performance component also enables to execute arbitrary code by the local malicious application in Kernel.
Google notes that

“The affected functionality is provided as a core part of the operating system, and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media, The media server service has access to audio and video streams as well as access to privileges that third-party apps could not normally access.”

Whatever the critical vulnerabilities patched in the update were not an indication of any active customer exploitation, that all were found internally by Google.
Google explained by the issue Qualcomm performance component that

“This issue is rated as a critical severity due to the possibility of a local permanent device compromise, and the device could only be repaired by re-flashing the operating system” 

The places where these critical vulnerabilities found were: 
  • Android’s Display Driver.
  • Skia graphics library media server.
  • Mobile operating system’s kernel.

In one of the Google blog post said,

“Android was built from day one with security in mind, Security continues to be a top priority and monthly device updates are yet another tool to make and keep Android users safe.”

The vulnerability was in operating system’s core (Kernel) could increase the third-party software or privilege level and the other critical flaws exploited the remotely execute code. 

Harish

A technology enthusiast who loves innovation. Fascinated for technology. Founder of AndroidCaptain.com and a Computer Engineer, passionate for android world of devices/apps and their innovation in the pricing and quality. I like to listen songs, take photos and venture myself in natural places.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*

Back to top button
css.php

Ad-blocker Detected!

Please Help Us Grow, Kindly Disable Ad-Block and Read Amazing News, Tips and Many More.