Google Fixed Around 40 Android Security Vulnerabilities
Google has found around 40 security vulnerabilities affecting Android devices. Once again, the media server has been identified as having flaws. Of the 40 flaws, 6 are rated critical and 12 are rated high severity. Google has released patches for all 40 flaws.
The flaws found in Android devices are of several types, including remote code execution, elevation of privilege and remote denial of service (DoS).
The most severe vulnerabilities are CVE-2016-2428 and CVE-2016-2429, which mainly affect media file processing, a recurring issue for Android devices. The flaws allow remote code execution when a device receives a malicious email or MMS, or visits an infected page.
Google created a bulletin group to announce the ratings for Android devices; as its scope has been broadened, the bulletin is now also known as the security bulletin.
The flaws are more related to information disclosure, as they provide unauthorized access to sensitive information.
Google is trying to close more and more holes, but there are so many that it is becoming difficult for Google to produce patches for each and every flaw.
Zuk Avraham, founder and CTO of Zimperium, states that Google continues to find vulnerabilities in Android month after month.
The most serious elevation-of-privilege vulnerabilities are in Android's integrated debugger (CVE-2016-2430) and Qualcomm TrustZone (CVE-2016-2432), which allow malicious apps to execute arbitrary code in the debugger and the TrustZone kernel.
Vulnerabilities were discovered by Andy Tyler at e2e-assure; Hao Chen at Qihoo 360 Technology Co. Ltd; Jake Valletta at Mandiant; Jianqiang Zhao and pdf at IceSword Lab, Qihoo 360 Technology Co. Ltd; Imre Rad at Search-Lab Ltd.; Marco Grassi at KeenLab, Tencent; Mingjian Zhou, Yuan-Tsung Lo, Lubo Zhang, Chiachih Wu, and Xuxian Jiang at C0RE Team; Peter Pi at Trend Micro; Weichao Sun at Alibaba Inc.; Yulong Zhang and Tao (Lenx) Wei at Baidu X-Lab; Zach Riggle on the Android Security team; Jeremy C. Joslin and Kenny Root at Google; Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome security team; and independent researchers Dzmitry Lukyanenka, Gal Benjamin, and Michał Bednarski.
Google published its 2015 report last month, which shows that many users are still vulnerable: security updates are mainly available for versions after 4.4, but only 71% of users are running versions above 4.4.