GOOGLE IS PREPARING to release 47 security patches for its Nexus and Pixel range of devices, with 10 of them rated as critical.
Google published details on the bug fixes in its latest Android Security Bulletin. They affect a range of areas, including the media framework, Qualcomm components and the operating system itself.
Although it hasn’t disclosed much information on the situation, the company said one of the worst bugs affects the media framework on Android.
The bug means cyber crooks can “enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process”.
There are several media framework bugs, affecting various versions of Google’s mobile operating system. Two of them have affected 31 per cent of active Android 6.0 devices.
Meanwhile, only one of them affects Android 8.0, but this is only at 0.3 per cent. The bug has also impacted Android 7.0 and 8.0, with a 20.9 infection rate.
Many of these Android bugs relate to Qualcomm components, although they have been detailed to the public in the past. Again, cyber crooks are able to tap into them to execute arbitrary code.
The company also found bugs at the system level of Android 7.0 and higher, saying they allow “a proximate attacker to execute arbitrary code within the context of a privileged process”.
Attackers can do this by tapping into a WiFi connection, Bluetooth or cellular modem. Google described this as another “severe vulnerability”, but there isn’t much detail on the actual causes.
Whatever the case, patches are already in the pipeline. “Android partners are notified of all issues at least a month before publication,” explained Google.
“Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.” µ
Source : Inquirer