Google Releases Android Security Update to Fix 2 Major Security Vulnerabilities

Advertisement
By Tasneem Akolawala | Updated: 13 September 2016 17:42 IST
Highlights
  • The fix has been released for Nexus owners
  • One exploit could enter through a simple malicious jpeg image
  • Users didnt even need to click anything to allow the exploit

Google has released an Android update that fixes two critical security holes that were posing great threat to device owners. One threat was similar to Stagefright, and the other Google claims was designed for research work, but could become malicious if intruders found it and modified it.

The Google security update has been released for Nexus users only for now, but has been provided to OEM partners for their smartphones. Therefore, millions of Android phones still remain exposed to the vulnerabilities. The first vulnerability is similar to Stagefright. It could be exploited by sending maliciously formatted jpeg image through Google Talk or Gmail. The crazy thing was that the target didn't even need to click anything to get exploited, and the malicious code was hidden inside the sent jpeg's Exif data.

Advertisement

The second vulnerability was disclosed by researcher Mark Brand, reports Ars Technica. It allows attackers to execute malware or escalate local privileges on vulnerable phones. A Google spokesman told the publication that the exploit was for research purposes, and could not be used in real world attacks unless the intruder found it and modified it.

While these security patches are being received by Nexus owners, security firm CheckPoint has further revealed that Google Play has been hosting apps that contain malware called DressCode and CallJam. These malwares take phones to fraud ad revenue making websites. They even prompt users to call paid phone numbers. DressCode could additionally compromise local networks as well. Google has removed the apps since then, but only after many users downloaded the malicious software on their smartphone.

Advertisement

The only concern is that the patch for the two earlier mentioned critical vulnerabilities will reach only few Nexus users for now. Smartphones made by other OEMs are left in a lurch until the manufacturer releases an update with the patch, and even then, old phones that are no more supported won't get these patches at all. For those old handset users, switching to a new device that is supported by the OEM for regular updates is the only option.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Nothing Phone (4b) Debuts in India, Limited RCB Edition Tags Along
  1. Qualcomm Executive Teases Snapdragon Chip for Upcoming Samsung Galaxy Devices
  2. BonkDAO Suffers $20 Million Loss Through Malicious Governance Proposal
  3. iPhone Air 2 Tipped to Feature Bigger Battery, Dual Rear Cameras
  4. Apple and Broadcom Agree to Extend Chip Supply Partnership Till 2031, Regulatory Filing Reveals
  5. Qubo Dashcam Pro 2K With Front, Rear Cameras Launched in India; Company Showcases AI Smart Home Portfolio
  6. Google Is Reportedly Working on an Option to Disable Gemini Live's Guided Vision Feature
  7. Ripple Receives Full MiCA Approval in Luxembourg for Crypto Asset Services in Europe
  8. Nothing Ear (3a) Launched With 45dB ANC, 'Audio Snapshot' and Call Recording Support: Price, Features
  9. Nothing Phone (4b) Launched in India With 6,000mAh Battery, Glyph Bar Interface, Phone (4b) RCB Edition Tags Along
  10. Mysterious Redmi Smartphone Bags IMDA Certification, Hinting at Upcoming Launch
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.