Jump to content

Google patches another 'high severity' bug in Android


RV_

Recommended Posts

Android's ecosystem has security issues in that not only is Google and their vendors not updating the old Android 2.3 phones and Tablets that are still in use, but they brag about Samsung doing the unheard of and updating a two year old premier phone. Here is the latest and then at the bottom the other three ZDNET stories about Stagefright and other issues that are being attacked today.

 

Excerpt:

 

"More security fixes on the way for Android users after researchers find another flaw in Android mediaserver.

 

Google has patched yet another security bug affecting Android versions 2.3 to 5.1.1, which security firm Trend Micro says could be used to abuse device owners' privacy.

 

The bug, likely to be fixed in Google's next monthly security update for Nexus devices, could allow attackers to abuse Android's mediaserver program to spy on device owners.

 

The bug adds to a growing list of vulnerabilities stemming from the Android component, which was at the root of one of the seven of bugs found in the Stagefright media library. Stagefright prompted Android OEMs to begin working with carriers on processes to ensure end users receive more reliable and regular security updates using a monthly patching cycle.

 

Trend Micro researcher Wish Wu noted yesterday that Google added a fix for the latest bug, known as CVE-2015-382, to the Android Open Source Project code on August 1, with Google giving the flaw as a high severity rating.

 

Unlike Stagefright, which could be exploited simply by sending a malicious media file to affected Android devices, in this case an attacker would need to trick victims into installing a malicious app.

 

Should they achieve this however, "an attacker would be able to run their code with the same permissions that the mediaserver program already has as part of its normal routines," said Wu.

 

"Since the mediaserver component deals with a lot of media-related tasks including taking pictures, reading MP4 files, and recording videos, the privacy of the victim may be at risk," he added."

 

More and links to related stories here: http://www.zdnet.com/article/google-patches-another-high-severity-bug-in-android/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61

 

Related Android security vulnerabilities:

 

•Android, you have serious security problems: http://www.zdnet.com/article/android-you-have-serious-security-problems/

•Stagefright: Just how scary is it for Android users? http://www.zdnet.com/article/stagefright-just-how-scary-is-it-for-android-users/

•Sandbox bypass in Android Google Admin console revealed: http://www.zdnet.com/article/sandbox-bypass-in-android-google-admin-console-revealed/

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
RVers Online University

campgroundviews.com

Our program provides accurate individual wheel weights for your RV, toad, and tow vehicle, and will help you trim the pounds if you need to.

RV Cable Grip

All the water you need...No matter where you go

Country Thunder Iowa

Nomad Internet

Rv Share

Dish For My RV.

RV Air.

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo



×
×
  • Create New...