Wednesday 6 April 2016

Google Fixes 8 Critical Android Bugs

Google Fixes 8 Critical Android Bugs

Google Fixes 8 Critical Android Bugs

On Monday, Google announced that it initiated rolling out the monthly Android security update for its Nexus range of devices. And also, the company said that the security section would be updated which is available for Nexus devices with the help of an OTA(over-the-air) updates. 

The company also announced the list of the vulnerabilities of security that has patched in this month of releasing. The updates include the patches for eight critical bugs in which including one that affects of the recognized lab stage fright library that has already seen its possible share of well-publicized vulnerabilities.

The new firmware of Nexus have also been released the images to the Google Developer site for downloading and also the change logs have also been published on the Android Open Source Project (AOSP) for the various manufacturers as well as for its partners. 

Google said that the issues will be disclosed to the Android Open Source Project(AOSP) repository after the patching of source code for over the next 48 hours. Whereas the various manufacturers plan to release their specific updates of the device. Even BlackBerry has already free their  April security update for its Priv Android smartphone.

The eight vulnerabilities which have been highlighted as “Critical by Google” that is used to latest updates of the April. And it also patches updates the 13 vulnerabilities which fall into the spectrum of  "high" severity. Even the company has already listed eight "moderate" security issues that have also been determined.

According to its Nexus Security Bulletin, for April Google said that the updates of the Android security which has fixed one of the most stern the vulnerabilities of the Stagefright security that could allow the execution by remotely coding on an artificial device through the various methods just like email, Web browsing, and MMS , when processing media files. 

According to the Official Statement the partner OEMs were informed about the matter and they explained that in the April security update on March 16, 2016 or earlier.

The critical vulnerabilities that fixed in the regular Google updation that includes remote code execution vulnerability in DHCPCD, in which if there is something left untouched then it can allow the attackers to the cause of memory corruption.

Many other vulnerabilities just like code execution vulnerability in media codec, remote code execution vulnerability in media server as well as remote code execution vulnerability in lab stage fright that can permits an attacker which become the causes of memory corruption as well as remote code execution as the media server process during media file as well as data processing of a specially crafted file.

There are listed some other critical vulnerabilities in which included elevation of advantageous vulnerability in Kernel, elevation of privilege vulnerability in Qualcomm Performance  Module, elevation of Privilege Vulnerability in Qualcomm RF Component as well as elevation of Privilege Vulnerability in Kernel.

Especially the majority of vulnerabilities fixed the Android security update were informed to the Google late last year or even in early this year.
Such as the security updates of February as well as March similarly April Android security update is merely focused on security fixes that do not upgrade the Android version. 


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer