Tuesday, April 5, 2016

Google fixes 39 security flaws in Android update – Computerworld

Google has released one of the largest monthly updates security, fixing a total of 39 vulnerabilities – 15 considered critical, including four that could lead to the total unit commitment.

The patches were released on Monday (4) for Nexus devices and will also be published to the Android Open Source Project in the next 24 hours.

They include a fix for the vulnerability that Google warned about two weeks and was already being operated by a root application publicly available. Crawled as “CVE-2015-1805″, the escalation flaw was originally fixed in the Linux kernel in April 2014, but had not been clear until February this year she also hit the Android.

Android media processing components remain a source of serious vulnerabilities. The update for this month includes patches for nine critical flaws remote code execution in the media codec Android MediaServer and Stagefright library.

In this, a privilege escalation vulnerability and four issues of disclosure of information classified as high impact were repaired on the MediaServer.

Other components where critical flaws were found and repaired include the Android kernel, the Dynamic Host Configuration Protocol (DHCP), Qualcomm Performance module and Qualcomm RF module.

Escalation high impact vulnerabilities, which can give more privileges to third-party applications that would normally have, were repaired in IMemory Native Interface, Telecom component, download manager, Bluetooth, system_server, among others .

The Android Security Team search constantly for abuse vulnerabilities through security features Verify Apps and Android SafetyNet.

If an update to Android 6 is offered by an equipment manufacturer, users are advised to install as soon as possible. Otherwise, the patch on April 2 Android should protect against all vulnerabilities patched in this monthly update.

LikeTweet

No comments:

Post a Comment