Menu
Google fixes critical Wi-Fi and media-processing flaws in Android

Google fixes critical Wi-Fi and media-processing flaws in Android

Attackers could compromise devices with Broadcom Wi-Fi chips over the wireless network

Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same Wi-Fi network, if they have Broadcom chips.

The two critical vulnerabilities are located in the Broadcom Wi-Fi driver and can be exploited by sending specially crafted wireless control packets to the affected devices. These messages could corrupt the kernel's memory and allow for the execution of arbitrary code in the kernel -- the highest privileged area of the operating system.

These flaws are critical because the attack doesn't require any user interaction, can be exploited remotely and can lead to a complete device compromise.

The driver for Wi-Fi chips from Qualcomm also had a critical vulnerability that could result in arbitrary code execution with kernel privileges. However, it could only be exploited by a locally installed application.

Finally, a third vulnerability was located in the Wi-Fi component and could be exploited by a local application to execute code with system privileges. This vulnerability was rated as high.

Google's new patches also fix two critical remote code execution vulnerabilities in mediaserver, a component that handles audio and video file parsing, one critical flaw in Qualcomm's performance event manager component for ARM processors and one in the Debugger daemon component.

The vulnerabilities in the Qualcomm performance module and Debuggerd could be exploited by local applications and the flaw in mediaserver could be exploited through specially crafted media files loaded from websites or embedded into multimedia messages.

The company also fixed high-impact vulnerabilities in libraries including mediaserver and libmediaplayerservice, and two moderate flaws in setup wizard. These flaws could lead to denial of service, information disclosure, privilege escalation and security bypasses.

Google shared information about these flaws with its OEM partners on Jan. 4 and released firmware updates for its Nexus devices Monday. Android firmware that incorporates these fixes should have a security patch level string of February 1, 2016 or later.

The company will also publish these patches to the Android Open Source Project so that other Android-based operating systems such as CyanogenMod can integrate them.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments