 |
Google's Android will utilize code from the open source OpenJDK venture Credit: Martyn Williams |
Attackers could bargain devices with Broadcom Wi-Fi chips over the wireless network
Google has fixed 13 new vulnerabilities in Android, two of which could permit attackers to take control of Android devices situated on the same Wi-Fi system on the off chance that they have Broadcom chips.
The two basic vulnerabilities are situated in the Broadcom Wi-Fi driver and can be abused by sending extraordinarily created remote control parcels to the influenced gadgets. These messages could degenerate the part's memory and take into account the execution of self-assertive code in the piece - the most noteworthy advantaged zone of the working framework.
These imperfections are basic in light of the fact that the assault doesn't require any client collaboration, can be misused remotely and can prompt a complete gadget bargain.
The driver for Wi-Fi chips from Qualcomm additionally had a basic weakness that could bring about self-assertive code execution with part benefits. Be that as it may, it must be misused by a privately introduced application.
At last, a third weakness was situated in the Wi-Fi segment and could be misused by a neighborhood application to execute code with framework benefits. This helplessness was evaluated as high.
Google's new fixes additionally alter two basic remote code execution vulnerabilities in mediaserver, a segment that handles sound and video document parsing, one basic blemish in Qualcomm's execution occasion supervisor part for ARM processors and one in the Debugger daemon segment.
The vulnerabilities in the Qualcomm execution module and Debuggerd could be misused by nearby applications and the blemish in mediaserver could be abused through uncommonly created media documents stacked from sites or implanted into sight and sound messages.
The organization additionally settled high-affect vulnerabilities in libraries including mediaserver and libmediaplayerservice, and two moderate defects in setup wizard. These imperfections could prompt disavowal of administration, data divulgence, benefit acceleration and security sidesteps.
Google imparted data about these defects to its OEM accomplices on Jan. 4 and discharged firmware upgrades for its Nexus gadgets Monday. Android firmware that fuses these fixes ought to have a security patch level string of February 1, 2016 or later.
The organization will likewise distribute these patches to the Android Open Source Project so that other Android-based working frameworks, for example, CyanogenMod can incorporate them.
No comments:
Post a Comment