Menu
Google fixes critical Wi-Fi and media-processing flaws in Android

Google fixes critical Wi-Fi and media-processing flaws in Android

Attackers could compromise devices with Broadcom Wi-Fi chips over the wireless network

Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same Wi-Fi network, if they have Broadcom chips.

The two critical vulnerabilities are located in the Broadcom Wi-Fi driver and can be exploited by sending specially crafted wireless control packets to the affected devices. These messages could corrupt the kernel's memory and allow for the execution of arbitrary code in the kernel -- the highest privileged area of the operating system.

These flaws are critical because the attack doesn't require any user interaction, can be exploited remotely and can lead to a complete device compromise.

The driver for Wi-Fi chips from Qualcomm also had a critical vulnerability that could result in arbitrary code execution with kernel privileges. However, it could only be exploited by a locally installed application.

Finally, a third vulnerability was located in the Wi-Fi component and could be exploited by a local application to execute code with system privileges. This vulnerability was rated as high.

Google's new patches also fix two critical remote code execution vulnerabilities in mediaserver, a component that handles audio and video file parsing, one critical flaw in Qualcomm's performance event manager component for ARM processors and one in the Debugger daemon component.

The vulnerabilities in the Qualcomm performance module and Debuggerd could be exploited by local applications and the flaw in mediaserver could be exploited through specially crafted media files loaded from websites or embedded into multimedia messages.

The company also fixed high-impact vulnerabilities in libraries including mediaserver and libmediaplayerservice, and two moderate flaws in setup wizard. These flaws could lead to denial of service, information disclosure, privilege escalation and security bypasses.

Google shared information about these flaws with its OEM partners on Jan. 4 and released firmware updates for its Nexus devices Monday. Android firmware that incorporates these fixes should have a security patch level string of February 1, 2016 or later.

The company will also publish these patches to the Android Open Source Project so that other Android-based operating systems such as CyanogenMod can integrate them.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments