Home
Mobiles
Mobiles News
Google Details Fixes in Latest Android Security Release

Google Details Fixes in Latest Android Security Release

By NDTV Correspondent | Updated: 14 September 2015 18:18 IST

Google last week released an Android security update to Nexus 4, Nexus 5, Nexus 6, Nexus 7, and Nexus 9 devices. The update brought Android security enhancements apart from minor bug fixes.

Now, the company has detailed the fixes contained in the Android security update rolled out to Nexus devices. In its Nexus Security Bulletin for the month of September, Google adds that the monthly release build LMY48M along with source code patches have been released to the Android Open Source Project (AOSP) source repository.

Google has released a list including security vulnerabilities such as remote code execution vulnerability in Mediaserver (aka Stagefright); elevation of privilege vulnerability in kernel; elevation of privilege vulnerability in Binder; elevation of privilege vulnerability in Keystore; elevation of privilege vulnerability in region; elevation of privilege vulnerability in SMS enables notification bypass; elevation of privilege vulnerability in Lockscreen, and denial of service vulnerability in Mediaserver.

The company pointed that the most severe out of these issues was a critical security vulnerability that could enable remote code execution on an affected device. Google marked remote code execution vulnerability in Mediaserver and elevation of privilege vulnerability in Kernel as critical severity.

"We have not detected customer exploitation of the newly reported issues. The exception is the existing issue (CVE-2015-3636). Refer to the Mitigations section for details on the Android security platform protections, and service protections such as SafetyNet, which reduce the likelihood that security vulnerabilities can be successfully exploited on Android," noted Google in its Security Bulletin.

The mitigations provided by the Android security platform and service protections such as SafetyNet ( which are likely to reduce the likelihood that security vulnerabilities can be successfully exploited on Android) include the suggestion for all users to upgrade to Android 5.0 Lollipop as the version includes improved Address Space Layout Randomization (ASLR) algorithm, while the default Verify Apps options that warns users about potentially harmful apps about to be installed. Google has also updated the Hangouts and Messenger apps to not allow media automatically passed to vulnerable processes (such as Mediaserver).

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.