Android fixes critical vulnerabilities with latest Nexus update

~ lundi 2 novembre 2015
Android developers today released a new update for its Nexus devices; which fixes seven severe vulnerabilities two of them are rated as "critical".

The update is part of the google's new security policy which was announced in August, where google will release an update every month with an aim to eliminate all new vulnerabilities in its OS.

The two highly critical vulnerabilities eliminated in this latest Android update are - "Remote Code Execution Vulnerabilities in Mediaserver" and "Remote Code Execution Vulnerability in libutils".

Four out of five other vulnerabilities fixed are rated as highly severe. The Nexus users are over the moon after the news of this latest update.


Critical Vulnerability details: 

Remote Code Execution Vulnerabilities in Mediaserver - (CVE-2015-6608)

This vulnerability was reported by the Google Chrome security team researchers. Android developers rated this vulnerability 'critical' because it allows an hacker to remotely execute code, in other words malware activated by playing a specially crafted media file on a affected phone or tablet.

The vulnerability targets the key part of OS, which has access to permissions that third party apps cannot normally access. It is believed that no Android user is effected by this critical vulnerability because it was discovered by Google family security team researchers before any hacker.


Remote Code Execution Vulnerability in libutils - (CVE-2015-6609) 

This critical vulnerability is effecting version 6.0 and below. The vulnerability was first discovered and reported by the Copperhead Security researcher, "Daniel Micay". This vulnerability can be used through audio file processing. It could allow an hacker to cause memory corruption and remotely execute code, (code can be a malware).

The core reason behind security team rating this vulnerability critical is because of the possibility of remote code execution in a privileged service.  The affected component has access to audio and video streams as well as access to privileges that third-party apps cannot normally access.

There are other 4 vulnerabilities which the Android security team rated as highly severe - full report. While only one vulnerability severity level is Moderate. The rating of these vulnerability is based on the effects, a device can suffer if an attacker successfully exploits it.

All the Nexus users should not waste any time in updating their devices, since the vulnerabilities are being fixed. Security researchers has applauded the Google's latest policy of releasing updates like these every month, which fixes flaws in its OS. It will not only makes their users feel secure but will also increases the Nexus market share in long run.


0 commentaires :

Enregistrer un commentaire