Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Android
    • Android
    • Cybersecurity
    • Blogs
    • Security Watch

    Google Patches 13 Flaws in February Android Update

    By
    Sean Michael Kerner
    -
    February 2, 2016
    Share
    Facebook
    Twitter
    Linkedin
      Android security

      Google has come out with its second security patch update for Android in 2016, this time patching 13 vulnerabilities in the mobile device operating system. Five of the vulnerabilities are rated by Google as having critical severity.

      Of the five critical vulnerabilities patched by Google, two (CVE-2016-0803 and CVE-2016-0804) are remote code execution vulnerabilities in Android’s mediaserver. The Android mediaserver has been the focus of Google security patches ever since the Stagefright flaw was first exposed in July 2015. As was the case in the January Android update, the new mediaserver flaws are not specifically in the libstagefright library, but they are in the same general area of Android’s architecture.

      “During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process,” Google warns in its security advisory.

      The Android mediaserver isn’t the only component of Android being patched for a remote code execution vulnerability in the February update. The Broadcom WiFi driver in Android is being patched for two critical vulnerabilities identified as CVE-2016-0801 and CVE-2016-0802.

      “Multiple remote execution vulnerabilities in the Broadcom Wi-Fi driver could allow a remote attacker to use specially crafted wireless control message packets to corrupt kernel memory in a way that leads to remote code execution in the context of the kernel,” Google warned.

      There is also a critical patch for a privilege escalation flaw in Qualcomm’s Android WiFi driver, identified as CVE-2016-0806. In addition, there is another critical privilege escalation flaw with the Qualcomm performance module.

      “An elevation of privilege vulnerability in the performance event manager component for ARM processors from Qualcomm could enable a local malicious application to execute arbitrary code within the kernel,” the Google advisory states.

      The final critical issue patched in the February update is a privilege escalation vulnerability in a debugging component of Android (technically referred to as the ‘debuggered‘ process), identified as CVE-2016-0807. This isn’t the first time that a flaw has been reported with the process, which helps to enable debugging of applications. Back in June 2015, security vendor Trend Micro reported an information disclosure flaw in the same debugging component.

      So far in 2016, Google’s monthly Android security updates have provided patches for 25 vulnerabilities. Google first began its monthly Android patch cycle in August of 2015, in the immediate aftermath of the initial Stagefright vulnerability disclosure.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×