Menu
Google fixes critical Wi-Fi and media-processing flaws in Android

Google fixes critical Wi-Fi and media-processing flaws in Android

Attackers could compromise devices with Broadcom Wi-Fi chips over the wireless network

Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same Wi-Fi network, if they have Broadcom chips.

The two critical vulnerabilities are located in the Broadcom Wi-Fi driver and can be exploited by sending specially crafted wireless control packets to the affected devices. These messages could corrupt the kernel's memory and allow for the execution of arbitrary code in the kernel -- the highest privileged area of the operating system.

These flaws are critical because the attack doesn't require any user interaction, can be exploited remotely and can lead to a complete device compromise.

The driver for Wi-Fi chips from Qualcomm also had a critical vulnerability that could result in arbitrary code execution with kernel privileges. However, it could only be exploited by a locally installed application.

Finally, a third vulnerability was located in the Wi-Fi component and could be exploited by a local application to execute code with system privileges. This vulnerability was rated as high.

Google's new patches also fix two critical remote code execution vulnerabilities in mediaserver, a component that handles audio and video file parsing, one critical flaw in Qualcomm's performance event manager component for ARM processors and one in the Debugger daemon component.

The vulnerabilities in the Qualcomm performance module and Debuggerd could be exploited by local applications and the flaw in mediaserver could be exploited through specially crafted media files loaded from websites or embedded into multimedia messages.

The company also fixed high-impact vulnerabilities in libraries including mediaserver and libmediaplayerservice, and two moderate flaws in setup wizard. These flaws could lead to denial of service, information disclosure, privilege escalation and security bypasses.

Google shared information about these flaws with its OEM partners on Jan. 4 and released firmware updates for its Nexus devices Monday. Android firmware that incorporates these fixes should have a security patch level string of February 1, 2016 or later.

The company will also publish these patches to the Android Open Source Project so that other Android-based operating systems such as CyanogenMod can integrate them.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments