Android Fills Nine Security Holes

Thursday, February 4, 2016 @ 06:02 PM gHale

Nine Android security holes ended up plugged with the February Nexus security update, said Google officials.

Of these, five vulnerabilities are critical, four are high and one is of moderate severity.

Google Play Loaded with Android Trojans
Ransomware Targets Android Users
Exploiting a Flaw in Ransomware
OpenSSH Flaw could Leak Private Keys

The most severe of these issues is a critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

The Remote Code Execution Vulnerability in Broadcom’s Wi-Fi driver is also a critical severity as it could allow remote code execution on an affected device while connected to the same network as the attacker, the company said in a post, but added there are no active attacks reported.

In addition, Google continued its series of patching Mediaserver bugs.

The remaining three critical bugs are elevation of privilege vulnerabilities that could lead to permanent device compromise, and fixing this problem would likely require a re-flashing the OS.

As per usual, Google notified partners of the issues well in advance (nearly a month before), and source code patches for these issues will release to the Android Open Source Project repository shortly.

Users of other Android smartphones will get the patches soon, although the security of their devices very much depends on the manufacturers and their mobile carriers.

Samsung has been keeping (relatively good) pace with Google, and they are keeping their promise to issue monthly security updates for its Android-powered devices.

LG has also pledged to regularly provide security updates for their Android users, which it tasks mobile service providers to deliver Over-the-Air.