Google fixes two serious Android security flaws

Discussion in 'Android News' started by Jeffrey, Sep 13, 2016.

  1. Jeffrey

    Jeffrey Premium Member
    Premium Member

    Joined:
    Jan 30, 2012
    Messages:
    6,686
    Likes Received:
    3,548
    Trophy Points:
    1,578
    Location:
    Thailand
    Ratings:
    +4,036
    Current Phone Model:
    iPhone 7 Plus JB
    [​IMG]

    Google has released an Android update that closes two security holes that could pose a major threat if intruders found a way to exploit them. The first was only designed for "research purposes" and would only have been malicious if modified.
    The other flaw was similarly to the well-known Stagefright exploit, letting an attacker send an altered JPEG image through Gmail or Google Talk to hijack your phone.
    The issue,as Sentinel One researcher Tim Strazzere explained to Threatpost, is that it's both easy to find and capitalize on this vulnerability.

    This bulletin has three security patch level strings to provide Android partners with the flexibility to move more quickly to fix a subset of vulnerabilities that are similar across all Android devices. See Common questions and answers for additional information:
    • 2016-09-01: Partial security patch level string. This security patch level string indicates that all issues associated with 2016-09-01 (and all previous security patch level strings) are addressed.
    • 2016-09-05: Partial security patch level string. This security patch level string indicates that all issues associated with 2016-09-01 and 2016-09-05 (and all previous security patch level strings) are addressed.
    • 2016-09-06: Complete security patch level string, which addresses issues that were discovered after partners were notified of most issues in this bulletin. This security patch level string indicates that all issues associated with 2016-09-01, 2016-09-05, and 2016-09-06 (and all previous security patch level strings) are addressed.
    • Supported Nexus devices received a single OTA update with the September 06, 2016 security patch level.
    • All carriers have received updates as well.
    While the likelihood of running into this malware is relatively small, it underscores an issue with timely Android security updates. Only Nexus owners get first crack at the fixes -- most everyone else will have to wait, provided they're in line in the first place.

    Source: Google Android Security Bulletin
     
    • Like Like x 1