Google Details Fixes in Latest Android Security Release

Share on Facebook Tweet Snapchat Share Reddit Comment
Google Details Fixes in Latest Android Security Release
Google last week released an Android security update to Nexus 4, Nexus 5, Nexus 6, Nexus 7, and Nexus 9 devices. The update brought Android security enhancements apart from minor bug fixes.

Now, the company has detailed the fixes contained in the Android security update rolled out to Nexus devices. In its Nexus Security Bulletin for the month of September, Google adds that the monthly release build LMY48M along with source code patches have been released to the Android Open Source Project (AOSP) source repository.

Google has released a list including security vulnerabilities such as remote code execution vulnerability in Mediaserver (aka Stagefright); elevation of privilege vulnerability in kernel; elevation of privilege vulnerability in Binder; elevation of privilege vulnerability in Keystore; elevation of privilege vulnerability in region; elevation of privilege vulnerability in SMS enables notification bypass; elevation of privilege vulnerability in Lockscreen, and denial of service vulnerability in Mediaserver.

The company pointed that the most severe out of these issues was a critical security vulnerability that could enable remote code execution on an affected device. Google marked remote code execution vulnerability in Mediaserver and elevation of privilege vulnerability in Kernel as critical severity.

"We have not detected customer exploitation of the newly reported issues. The exception is the existing issue (CVE-2015-3636). Refer to the Mitigations section for details on the Android security platform protections, and service protections such as SafetyNet, which reduce the likelihood that security vulnerabilities can be successfully exploited on Android," noted Google in its Security Bulletin.

The mitigations provided by the Android security platform and service protections such as SafetyNet ( which are likely to reduce the likelihood that security vulnerabilities can be successfully exploited on Android) include the suggestion for all users to upgrade to Android 5.0 Lollipop as the version includes improved Address Space Layout Randomization (ASLR) algorithm, while the default Verify Apps options that warns users about potentially harmful apps about to be installed. Google has also updated the Hangouts and Messenger apps to not allow media automatically passed to vulnerable processes (such as Mediaserver).

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Android, Google, Mobiles, Tablets
Motorola India Says It's Sold 2.6 Million Smartphones Since February
Tamil Nadu Government to Implement 'BharatNet' Project

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com