Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Google fixes several Android OS security flaws

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

February 2, 2016

Five deemed 'critical,' four 'high severity' and one merely 'moderate' security flaws make up the list of the latest Android security patches which are now available for Nexus devices.

The security bug fixes will flow through to other Android devices sooner rather than later.

Those critical fixes relate to Broadcom and Qualcomm WiFi drivers, Android's Mediaserver, Qualcomm's performance module, and the Android debugger daemon.

Here's the advisory. One by one, the critical bugs are:

  • CVE-2016-0801 and CVE-2016-0802, the Broadcom WiFi driver bugs that allow remote code execution in the context of the kernel, so long as attacker and victim are associated with the same network.

  • CVE-2016-0803 and CVE-2016-0804 in Mediaserver, not the same bugs as were fixed in the January release but just as bad. Once again, crafted messages can crash the server, leaving the target open to remote code execution.

  • The Qualcomm bugs, CVE-2016-0805 for the performance module and CVE-2016-0806 for the WiFi driver bug, are local security flaws that get the critical rating because if exploited, the user might have to re-flash the device.
  • The same applies to the escalation of the so-called privilege bug in the faulty daemon: exploitation could leave you with a system that has to be re-flashed.

    Oh, and there's also a Minikin library bug (CVE-2016-0808) that could send the user into perpetual reboot hell!

    Privilege escalation bugs in the Android WiFi component (CVE-2016-0809) and another in Mediaserver (CVE-2016-0810) are also part of the many bug fixes in this session.

    There's also a security patch for an information disclosure vulnerability, dubbed CVE-2016-0811, that bug could "permit a bypass of security measures," the Android security team says, without much more detail, but the result could be an attacker getting "Signature or signatureOrSystem permissions" that are usually blocked from third-party apps.

    Finally, the Setup Wizard has a privilege escalation vulnerability (CVE-2016-0812 and CVE-2016-0813) letting an attacker reset a target device.

    "Builds LMY-49G or later and Android M with Security Patch Level of February 1, 2016 or later address these issues," the advisory says.

    Android partners were told about the security vulnerabilities on January 4, and "source code patches for those issues will be released to the Android Open Source Project (AOSP) repository over the next 2 days."

    Source: Google.

    Sponsered ads:
    Read the latest IT news. Visit ItDirection.net. Updated several times daily.

    If you need reliability when it comes to SMTP servers, get the best, get Port 587.

    Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

    Share on Twitter.


    Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
    Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer