Critical Android Security Patches to Address Media and Rooting Vulnerabilities by Google

Critical Android Security Patches to Address Media and Rooting Vulnerabilities by Google

For some time now, the security concerns on the Android OS platform have been bothering many users. It must be said that Google has been quick to come out with fixes to mitigate the exposure through its OS versions of the Kit Kat and Lollipop. However, malware and rogue virus developers seem to be extra busy and ahead of the curve at all times and that means Google has to be proactive with its security fixes more than ever before.

Google has been making efforts to strengthen it through a regular stream of updates. The Kit Kat 4.4 and Lollipop OS brought in extra security features like encryption and the latest Marshmallow OS update also promises better security for users.

Updates are not downloaded on time at all times

However, all these updates though released from time to time do not find their way into user phones because not many are alert or active enough to download the updates. Some users of the Nexus phones are lucky enough to receive updates every month and some other major OEMs are also rolling out updates regularly but many others are rather slow. This leads to their users missing out on such updates and are therefore vulnerable to malware attacks.

The importance of security updates cannot be overemphasized because flaws keep cropping up on the Android OS. These can be easily exploited by hackers to steal private data. Users are also getting exasperated that they have to be always on the guard and download updates on time to be able to get total security for their devices.

Major flaws causing concern and vulnerability

The most worrying one identified as CVE-2015-6636 and given a Critical rating allows the hacker to execute codes on devices from a remote location. He can through means like email, MMS and web browsing execute these codes and install the malware he wants. The malware then will go on to take control of the files as well as conversations of the user. Google has confirmed though it has dealt with this threat adequately.

The concept of regular patching and users downloading on time remain the key to address such issues effectively. In addition, the patch that is released has to work perfectly and there can be no room for any mistake. The patch released by Google for Stagefright vulnerability attracted negative attention with many users saying it did not work properly and Google had to send out a revised one.

Google says it will update users about security updates on time

Google has taken serious note of security lapses and has now informed it has taken up the issue with its partners. The updates henceforth and news about the source code patches will be known to users the moment they are released into the AOSP or Android Open Source Project.

The user has to ensure that he or she downloads the security update the moment there is intimation about it. A lot also depends on the manufacturer of the device you are using and that is where occasional lapses occur. If Google can impress upon its partner manufacturers to be diligent about security patches and make them available to the users on time, the chances of malware creeping into your device would reduce significantly.

Fresh batch of security fixes for Nexus, an important development

It is in this light that the release of a fresh batch of fixes for the Nexus smart devices acquires importance. These fixes are aimed at taking care of the flaws that have enabled attackers to target devices through rogue emails, MMS messages and even through Web pages.

The fixes for the Nexus are being rolled out through firmware updates OTA and these will be then also added to the AOSP or the Android Open Source Project quickly. The Android Marshmallow will have these fixes as well.

Updates takes care of 5 main vulnerabilities deemed critical

These updates have been rolled out to address the top 5 vulnerabilities that have been deemed critical in addition to 12 others that are rated high and another 2 as moderate. There were many flaws picked up that were lying within the media processing unit of the OS that related to audio-video playback and file metadata parsing.

One such critical vulnerability had to do with the media server, which is the core of the OS and can be exposed to exploitation by hackers for executing arbitrary codes. These codes would have disguised privileges that normally third party apps will not have. Attackers can therefore take advantage of these flaws to trick users and play some media files that they otherwise would not have played.

It is worth mentioning here that Google has also done away with the parsing of the multimedia messages that used to happen automatically within the Google Hangouts as well as Messenger.

The 3 vulnerabilities which can lead towards the execution of codes through web browsing, email or MMS have also been patched up in Skia graphics. The last one patched in this release deals with the flaw associated with the escalation of a privilege within the Android kernel. This is the one that enables rooting of the device but if the user does not know how to manage it and it ends up in the hands of attackers, they can play havoc with the OS.

Google recommends users to update quickly

There are other escalation flaws related to privileges that have also been fixed. However, Google suggests users to immediately or as quickly as possible, update to the latest OS so that there are lesser chances of malware creeping into the devices. The latest OS versions are much more robust and can prevent malware attacks. Google also has the Verify Apps and the SafetyNet for blocking applications that are harmful.


Leave a Reply