Developers Club geek daily blog

1 year, 6 months ago
Google released a security update for Android Nexus Security Bulletin — January 2016 which closes 12 vulnerabilities in this mobile OS. One of the corrected vulnerabilities of CVE-2015-6636 (Remote Code Execution Vulnerability in Mediaserver) belongs to the Remote Code Execution (RCE) type and allows malefactors to perform far off a code with the raised privileges in Android with use of the harmful multimedia file. For delivery of this file the MMS message or a phishing web resource for the browser can be used. Four more critical vulnerabilities belong to the Elevation of Privilege (EoP) type and allow attacking to raise privileges of the code in system to OS kernel level.

Google corrected vulnerabilities in Android

Other two vulnerabilities belong to the High type, one of them allows attacking to be connected by CVE-2015-6641 in the Bluetooth component on wireless connection to the device and to get access to personal information of the user. Other vulnerability of CVE-2015-6642 of the Information Disclosure type in a kernel allows to bypass the built-in mechanisms of safety Android and to receive the raised privileges in system.

Google corrected vulnerabilities in Android

Updating corrects critical EoP of vulnerability in drivers of the MediaTek companies (misc-sd the driver) and Imagination Technologies, and also in a kernel and the Widevine QSEE TrustZone application. Vulnerabilities in all these components allow attacking to acquire the highest rights in system. The remained vulnerabilities belong to the Moderate type. It indicates that the malefactor will not be able to do by means of them essential harm to the user's device.

Google also supplied Android 6 with a new safety feature under the name Attack Surface Reduction for Nexus Kernels. The come-out updating deletes from OS the mechanism of inter-process communication under the name SysV IPC which, according to Google, is used in the purposes by the malware and does not add the OS essential functions. Its support is also incompatible with ensuring life cycle of other Android applications, and also a large number of the consumed kernel resources.

image
be secure.

This article is a translation of the original post at habrahabr.ru/post/274559/
If you have any questions regarding the material covered in the article above, please, contact the original author of the post.
If you have any complaints about this article or you want this article to be deleted, please, drop an email here: sysmagazine.com@gmail.com.

We believe that the knowledge, which is available at the most popular Russian IT blog habrahabr.ru, should be accessed by everyone, even though it is poorly translated.
Shared knowledge makes the world better.
Best wishes.

comments powered by Disqus