There has been recent discoveries that the Android mobile operating system is not all that secure, but Google was not going to take this lying down and they have released a bunch of patches to remedy the issues. The company known for their ever-popular search engine just released a new batch of patches for the Android OS on Wednesday, and it had fixed over 100 security flaws towards multiple components found in different devices, as well as in chipset-specific drivers made from different manufacturers.
Google Released Patch That Fixes 100 Security Issues in the Android System
It has been known that Android, which is the mobile operating system made and maintained primarily by Google, and its mediaserver component (which handles the processing of audio and video streams) have been sources of many vulnerabilities in the past. Therefore, it is at the forefront for a need of a security update. The mediaserver component alone accounts for 16 vulnerabilities within the Android system, and it also include 7 critical flaws of which will allow a cyber attacker to execute certain codes with higher privileges.
The known bugs can then be exploited with the use of sending specifically developed video or audio files to Android devices through its browser, messaging, or email applications. Due to the repeated mediaserver flaws, Google Hangouts, as well as the default Android Messenger apps, no longer pass media to this particular component through automatic means.
Aside from the mediaserver component, there were other critical vulnerabilities that were fixed within the BoringSSL and OpenSSL crpyto libraries that do come installed within the Android mobile operating system. For this security issue, it can be exploited through a specially developed file for the attacker to execute code within the context of the infected processes.
Smartphone manufacturers have been notified about the latest patch and they were given the option to upgrade their handsets with one of two patch levels. There is the 2016-07-01 patch which includes device-agnostic repairs, and there is the 2016-07-05 patch which already includes the 2016-07-01 patch plus device-specific fixes. The 2016-07-01 patch level has repairs for 32 vulnerabilities. 8 of these vulnerabilities are rated critical, 9 are moderate, and 15 of high severity.
As usual, Google has released firmware updates for all of the company’s supported Nexus devices. It will also release the updates to the Android Open Source Project (AOSP) within a few days. Smartphone manufacturers and mobile carriers that are partnered with Google were already notified about these fixes.
Share This on Facebook