Google has released an update for Android
Google has released a security update for Android Nexus Security Bulletin - February 2016 , which closes 7 critical and 6 other vulnerabilities in the components of this mobile OS, starting with version 4.4.4 and ending with the latest 6.0.1. The update closes two dangerous vulnerabilities in the Broadcom Wi-Fi driver (CVE-2016-0801, CVE-2016-0802) for all the above Android versions. Vulnerabilities allow attackers to execute arbitrary code on the system, and with maximum rights at the OS kernel level.
Vulnerabilities can be exploited by sending network packets to the device in a special way, which will lead to memory corruption in the driver and code execution. The severity of the vulnerability lies in the fact that the user himself does not need to take any action to trigger the exploit and execute the code on the device. Vulnerabilities were discovered back in October last year.
')
Two other dangerous vulnerabilities with identifiers CVE-2016-0803 and CVE-2016-0804 were fixed in the infamous Mediaserver component, for which a sufficient number of vulnerabilities had already been fixed. Attackers can use specially crafted MMS messages to send to the user, leading to remote code execution. Unlike previous vulnerabilities in the Wi-Fi driver, to trigger an exploit, the user must open the malicious content (message).
Vulnerabilities have also been fixed in Qualcomm components. The first CVE-2016-0805 was present in the so-called. module performance measurement (performance event manager component for ARM processors), and the second CVE-2016-0805 in the Wi-Fi driver. Both vulnerabilities allow a malicious application to gain high privileges on Android.
Information about all fixed vulnerabilities can be obtained via this link .
be secure.
Vulnerabilities can be exploited by sending network packets to the device in a special way, which will lead to memory corruption in the driver and code execution. The severity of the vulnerability lies in the fact that the user himself does not need to take any action to trigger the exploit and execute the code on the device. Vulnerabilities were discovered back in October last year.
')
Two other dangerous vulnerabilities with identifiers CVE-2016-0803 and CVE-2016-0804 were fixed in the infamous Mediaserver component, for which a sufficient number of vulnerabilities had already been fixed. Attackers can use specially crafted MMS messages to send to the user, leading to remote code execution. Unlike previous vulnerabilities in the Wi-Fi driver, to trigger an exploit, the user must open the malicious content (message).
Vulnerabilities have also been fixed in Qualcomm components. The first CVE-2016-0805 was present in the so-called. module performance measurement (performance event manager component for ARM processors), and the second CVE-2016-0805 in the Wi-Fi driver. Both vulnerabilities allow a malicious application to gain high privileges on Android.
Information about all fixed vulnerabilities can be obtained via this link .
be secure.
Source: https://habr.com/ru/post/276415/
All Articles