Home / Software & Service News / Google fixes two serious Android security flaws

Google fixes two serious Android security flaws

Google’s mobile security team has definitely been busy cleaning house this week. The company has released an Android update that closes two security holes that could pose a major threat if intruders found a way to exploit them. The first was only designed for “research purposes” and would only have been malicious if modified, Google tells Ars Technica, but it wouldn’t have been hard to detect or weaponize.

The other flaw behaved similarly to the well-known Stagefright exploit, letting an attacker send an altered JPEG image through Gmail or Google Talk to hijack your phone. The issue, as SentinelOne researcher Tim Strazzere explains to Threatpost, is that it’s both easy to find and capitalize on this vulnerability.

There’s more. Security company Check Point also revealed that Google Play had been hosting apps containing two forms of malware (CallJam and DressCode). CallJam both steered phones to websites that made bogus ad revenue and, if you granted permission, would call paid phone numbers. DressCode would also visit shady ad sources, but it could also compromise local networks. Google has since removed the offending apps, but the infection rate may have been high when users downloaded the software hundreds of thousands (or in a few cases, millions) of times.

While the likelihood of running into this malware is relatively small, it underscores an issue with timely Android security updates. Only Nexus owners get first crack at the fixes — most everyone else will have to wait, provided they’re in line in the first place. Google’s monthly security updates help, but this won’t do much if your phone maker either hasn’t committed to those updates or has left you running an older Android version that can’t get those patches. You may have to either be patient for a more conventional update or move to a newer device if you’re determined to stay current.

Via: Ars Technica, Threatpost

Source: Android, Project Zero, Check Point (1), (2)

Click Here For Original Source Of The Article

About Ms. A. C. Kennedy

Ms. A. C. Kennedy
My name is Ms A C Kennedy and I am a Health practitioner and Consultant by day and a serial blogger by night. I luv family, life and learning new things. I especially luv learning how to improve my business. I also luv helping and sharing my information with others. Don't forget to ask me anything!

Check Also

Hoo-boy! This damning Uber letter is a wild ride

TwitterFacebook

The disasters that former Uber CEO Travis Kalanick left in his wake at his popular ride-hailing app company was one of this year's biggest tech industry stories. Now, as we wrap up the year, Uber (through a court case) has gifted us a letter detailing many of the company's alleged wrongdoings and spy tactics. 

The so-called Jacobs letter was written by an attorney representing Richard Jacobs, a former Uber security analyst. It alleges shady and potential illegal operations, including how Uber employees monitored the competition and acquired trade secrets. 

More about Transportation, Uber, Self Driving Cars, Waymo, and Uber Waymo

css.php