Google Patches 6 Critical Android Mediaserver Bugs

9 May - by Dawood Khan - In News

Google has released its monthly security patches for Android this week, addressing 17 critical vulnerabilities, 6 of which affect the Android Mediaserver component and could be used to execute malicious code remotely.

Besides patches for Mediaserver, Google also fixed 4 critical vulnerabilities related to Qualcomm components discovered in Android handsets, including Google's Nexus 6P, Pixel XL, and Nexus 9 devices.

According to the Google security bulletin for Android published Monday, this month's security update is one of the largest sets of security fixes the company has ever compiled in a single month.

Google has split Android's monthly security bulletin into security "patch levels":

Partial security patch level (2017-05-01) covers patches for vulnerabilities that are common to all Android devices.

Complete security patch level (2017-05-05) includes additional fixes for hardware drivers as well as kernel components that are present only in some devices.
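As an added example (not part of the original article or of Google's bulletin), the script below classifies a device's reported patch level against the two levels above. On a real device the value comes from `adb shell getprop ro.build.version.security_patch`; the function names, verdict labels, and the device inventory here are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare Android security patch levels with the two levels
# of the May 2017 bulletin (2017-05-01 partial, 2017-05-05 complete).
PARTIAL=20170501
COMPLETE=20170505

# classify_patch_level LEVEL -> prints complete | partial | outdated | unknown
classify_patch_level() {
    # adb output can carry a trailing carriage return; strip it first.
    lvl=$(printf '%s' "$1" | tr -d '\r')
    case "$lvl" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;   # empty or malformed property value
    esac
    n=$(printf '%s' "$lvl" | tr -d '-')   # 2017-05-01 -> 20170501
    if [ "$n" -ge "$COMPLETE" ]; then
        echo complete    # common fixes plus driver and kernel fixes
    elif [ "$n" -ge "$PARTIAL" ]; then
        echo partial     # only the fixes common to all Android devices
    else
        echo outdated    # predates this bulletin entirely
    fi
}

# audit_inventory: reads "SERIAL LEVEL" lines on stdin, prints "SERIAL VERDICT".
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(classify_patch_level "$level")"
    done
}

# count_exposed: number of devices on stdin that are not at the complete level.
count_exposed() {
    audit_inventory | grep -cv ' complete$' || true
}

# Constructed sample inventory (serials are placeholders, not real devices).
sample_inventory() {
    printf '%s\n' 'DEVICE-A 2017-05-05' 'DEVICE-B 2017-05-01' \
                  'DEVICE-C 2017-03-01' 'DEVICE-D'
}

sample_inventory | audit_inventory
```

A device reporting `partial` still lacks the driver and kernel fixes that only the complete level carries, so it should be tracked as unpatched for those components.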

Critical RCE Flaw in Android Mediaserver

According to the search engine giant, the Mediaserver vulnerability "could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files."

In other words, attackers could exploit the Mediaserver vulnerability by tricking users into downloading a specially crafted multimedia file onto their devices, or by sharing the media file via email or other messaging apps, and then remotely execute arbitrary code.

Interestingly, this vulnerability could be triggered while you sleep: you do not even need to open the file, because as soon as your device receives the media file, the file system will cause Mediaserver to process it.

The vulnerability was discovered in early January and affects Android versions 4.4.4 KitKat through 7.1.2 Nougat.

Kernel-level Vulnerabilities in Qualcomm

Google has also patched four critical vulnerabilities that stemmed from Qualcomm components and could allow an attacker to gain high-level (root) privileges on an Android device.

Two critical vulnerabilities (CVE-2016-10275 and CVE-2016-10276) in the Qualcomm bootloader create conditions ripe for elevation-of-privilege attacks, enabling "a local malicious application to execute arbitrary code within the context of the kernel," according to the bulletin.

Another critical Qualcomm bug (CVE-2017-0604), in the power driver, could also allow a local malicious application to execute malicious code on the device within the context of the kernel, which is the most privileged area of the OS.

No Evidence of Flaws Being Exploited in the Wild

Six of the 17 critical patches are included in the 2017-05-01 partial security patch level, while the remaining 11 critical security flaws, affecting various drivers, libraries and bootloaders, are patched in the 2017-05-05 complete patch level.

The good news is that Google has assured its users that there are no reports of any of the security vulnerabilities being exploited in the wild.

Google says that having two patch levels "provide Android partners with the flexibility to more quickly fix a subset of vulnerabilities that are similar across all Android devices."

So, users are strongly advised to download the most recent Android security update to keep their devices protected against any potential attack.

Nexus and Pixel devices will receive the complete patch in an over-the-air update in the coming days, or the owners can download it directly from Google's developer site.

It's also worth noting that Google revealed last week that the Nexus 6 and Nexus 9, which were released in November 2014, would no longer be "guaranteed" to receive security updates after October 2017.

A similar cutoff of October 2019 has been given for the newer Pixel and Pixel XL handsets. After that, the tech giant will only push necessary security fixes to those devices.
