Google has just patched a vulnerability in the LibUtils library, that potentially allowed for the execution of arbitrary code in the applications that use this library. The attacker can use a specially crafted media file to exploit this vulnerability. Over 1 billion Android devices were vulnerable to stagefright one of the biggest vulnerabilities so far. There were seven critical vulnerabilities revealed in the monthly android security bulletin
There was a remote code execution vulnerability in Mediaserver as well. An attacker can use a file crafted for that purpose to trigger memory corruption in the device during file and data processing. There are two vulnerabilities affecting the kernel security sub system. These allow for local malicious applications to permanently compromise the device, as well as execute code. Reflashing the operating system is needed to recover a compromised device. One of these vulnerabilities was known all the way back from January 2015.
The kernel netfilter subsystem, the kernel USB driver, kernel shared memory subsystem all had a vulnerabilities that allowed for remote execution of arbitrary code. All these vulnerabilities allowed for local applications to permanently compromise the device. Repairing affected systems required the reflashing of the operating system on the device. The patches are rolled out for some Nexus devices, with updates for other devices on the way.
Post A Comment:
0 comments: