Google Patches 6 Critical Security Vulnerabilities in Android
By Jef Cozza / Enterprise Security Today
Published: May 3, 2017
Technology giant Google released new security patches Monday to address some critical bugs in the Android operating system, including one that could allow an attacker to gain remote execution privileges through a variety of methods such as email, Web browsing, and instant messages.

The patch is being made available to Nexus devices via an over-the-air update. Android users can also update their devices directly from the Android Web site, while OEMs will have the option of directing users to the site or pushing their own over-the-air updates to users.

The security update, part of Google’s normally scheduled monthly security patch releases, addresses a broad array of Android vulnerabilities. The most critical are the six vulnerabilities that relate to the operating system’s Mediaserver.

Remote Code Execution Vulnerabilities

The vulnerability in the Mediaserver component could allow an attacker to cause a memory corruption when media files and data are being processed, allowing the hacker to execute remote code, according to Google.

In addition to the patch for the Mediaserver component, Google also released fixes for critical vulnerabilities in Android’s GIFLIB library that could also allow remote code execution during a Mediaserver process, and an elevation of privilege vulnerability in the MediaTek touchscreen driver.

Other components of the operating system, such as the Qualcomm bootloader, the kernel sound subsystem, the Motorola bootloader, Nvidia video driver, Qualcomm power driver, and kernel trace subsystem, also contain critical vulnerabilities that could permanently compromise an Android device. However, those vulnerabilities are not as severe as the Mediaserver bug.

Although the potential for the abuse of these vulnerabilities is high, Google said that it has not received any reports of active exploits for them. Still, the company recommended that all users accept the update on their devices.

Timeline for Security Support

Google also updated users on the service lifetimes for its Pixel and Nexus devices. The Pixel and Pixel XL phones will cease to receive guaranteed Android version updates after October 2018, and aren't guaranteed to receive security updates after October 2019, according to the company.

Of more immediate concern to users is the announcement that Nexus 6P and Nexus 5X devices will stop getting Android version updates after September of this year, and will not receive security updates after October 2018. Nexus 6 and Nexus 9 users, meanwhile, have already stopped receiving OS updates, and will no longer receive security updates after October of this year.

For Nexus devices, those timelines certainly seem short. The Nexus 6P was only released in September of 2015. By cutting off OS update support in 2017, Google is essentially making the device obsolete after only two years. Cutting off security updates in 2018, meanwhile, means owning a three-year-old Android phone will likely be unsafe.

Image credit: Product shots of Pixel and Pixel XL phones by Google.

TomMenaker:
Posted: 2017-05-08 @ 8:24am PT
How do I download this fix to my Samsung Galaxy S4?
