Jump to content

Google patches another 'high severity' bug in Android


RV_

Recommended Posts

Android's ecosystem has security issues in that not only is Google and their vendors not updating the old Android 2.3 phones and Tablets that are still in use, but they brag about Samsung doing the unheard of and updating a two year old premier phone. Here is the latest and then at the bottom the other three ZDNET stories about Stagefright and other issues that are being attacked today.

 

Excerpt:

 

"More security fixes on the way for Android users after researchers find another flaw in Android mediaserver.

 

Google has patched yet another security bug affecting Android versions 2.3 to 5.1.1, which security firm Trend Micro says could be used to abuse device owners' privacy.

 

The bug, likely to be fixed in Google's next monthly security update for Nexus devices, could allow attackers to abuse Android's mediaserver program to spy on device owners.

 

The bug adds to a growing list of vulnerabilities stemming from the Android component, which was at the root of one of the seven of bugs found in the Stagefright media library. Stagefright prompted Android OEMs to begin working with carriers on processes to ensure end users receive more reliable and regular security updates using a monthly patching cycle.

 

Trend Micro researcher Wish Wu noted yesterday that Google added a fix for the latest bug, known as CVE-2015-382, to the Android Open Source Project code on August 1, with Google giving the flaw as a high severity rating.

 

Unlike Stagefright, which could be exploited simply by sending a malicious media file to affected Android devices, in this case an attacker would need to trick victims into installing a malicious app.

 

Should they achieve this however, "an attacker would be able to run their code with the same permissions that the mediaserver program already has as part of its normal routines," said Wu.

 

"Since the mediaserver component deals with a lot of media-related tasks including taking pictures, reading MP4 files, and recording videos, the privacy of the victim may be at risk," he added."

 

More and links to related stories here: http://www.zdnet.com/article/google-patches-another-high-severity-bug-in-android/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61

 

Related Android security vulnerabilities:

 

•Android, you have serious security problems: http://www.zdnet.com/article/android-you-have-serious-security-problems/

•Stagefright: Just how scary is it for Android users? http://www.zdnet.com/article/stagefright-just-how-scary-is-it-for-android-users/

•Sandbox bypass in Android Google Admin console revealed: http://www.zdnet.com/article/sandbox-bypass-in-android-google-admin-console-revealed/

 

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...