Tuesday, August 18, 2015

Another serious security flaw is found on Android … – Tudocelular.com

A new security hole in Android, tracked as CVE-2015-3842, was discovered by Trend Micro in June. It stems from a problem in the system's media server. This type of flaw, known as a heap overflow, can, depending on how it is exploited, escalate the privileges of whoever exploits it. All versions of Android from 2.3 Gingerbread onward were vulnerable. Fortunately, it has since been corrected by Google in collaboration with those responsible for the discovery.

The flaw involves a media server component called AudioEffect. As Wu Wish of Trend Micro explains, the vulnerability can be exploited after a user installs an app that does not ask for any special permission. The app, taking advantage of the flaw, can gain the same privileges as the media server. Since the component deals with various aspects of the device, including images and videos, user privacy would be in great danger. What was called "the worst vulnerability in Android history" also comes from the media server.

The attack can be completely controlled, which means that a malicious application can decide when to start or stop the attack. An attacker could run their own code with the same permissions the media server has in its normal routines. Since the media server component handles various tasks related to media, including taking pictures, reading files and MP4 video recording, the privacy of the victim would be at risk.

A demonstration of the attack was carried out on a Nexus 6 running Android 5.1.1. The malicious application was able to lock up the media server component. Also, if the flaw cannot be exploited, it is possible to restart its process.

The fix came through Google's bug-hunting program, which rewards security analysts for reporting problems. Those responsible for the discovery say they found attacks currently taking advantage of the flaw. Also, due to the large number of vulnerabilities being found and the growing security concerns, Google has promised greater transparency in Android security updates.
