During the round patch of July, Google 103 vulnerabilities in Android poem. Slightly less than the record of 108 vulnerabilities that were resolved last month. Of the 103 vulnerabilities, there are 12 considered serious. Through these vulnerabilities, an attacker at worst, run arbitrary code such as installing malicious apps.
The vulnerabilities can be exploited according to Google via MMS, web sites, email, and media files. However, there are no indications that there has been abuse. Serious vulnerabilities exist in media server, the kernel and various components from Qualcomm. Again Media Server is a weakness of Android. This section deals with all kinds of media-related tasks, such as taking photos, playing video files and record videos.
In recent months there were many serious vulnerabilities discovered in the Android section. An attacker could abuse this by MMS, browser or malicious media files. Subsequently, it is possible to execute arbitrary code in the Media Server process. Media Server has access to audio and video streams and rights that third-party apps normally have no access.
The vulnerabilities in those components and drivers Qualcomm have already been reported in 2014 and 2015. Through the vulnerabilities a malicious local application can increase its rights and execute arbitrary code with kernel rights, which continue to have a permanent attacker control over the phone unless Android is reinstalled.
Google has already rolled out Nexus Android devices the corresponding security update. If the updates for the Android Devices from other manufacturers appear is unknown, but more and more parties like Google use a monthly patch round.
No comments:
Post a Comment