
Google’s Monthly Android Security Update For Nexus Plugs Multiple Critical Holes


Google has released its monthly Nexus security update, and this time the patch includes fixes for at least thirty issues, including eight critical bugs that have been plaguing Nexus users.

As per the Nexus security bulletin,

We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process.

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

Android Security Advisory 2016-03-18 previously discussed use of CVE-2015-1805 by a rooting application. CVE-2015-1805 is resolved in this fresh Nexus update. Google further says that there have been no reports of active customer exploitation or abuse of the other newly reported issues. Refer to the Mitigations section for further details on the Android security platform protections and service protections such as SafetyNet, which improve the security of the Android platform.

The company is also making the source code for the patches available through the Android Open Source Project within the next two days. The update will take care of several significant issues, including remote code execution and rooting-related threats.


Here are all the vulnerabilities that have been resolved:

[Screenshots of the resolved-vulnerability list]

Google’s stance on rooting has been pretty clear too; however, a vulnerability existed that allowed exploitation resulting in rooting.

Google has become aware of a rooting application using an unpatched local elevation of privilege vulnerability in the kernel on some Android devices (CVE-2015-1805). For this application to affect a device, the user must first install it.

Predictably, Google does not allow installation of rooting applications, and it has now updated its systems to take the said vulnerability into account.

Meanwhile, let's hope that more manufacturers take a leaf out of Google’s book in bringing regular updates to their users.


 
