Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Android
    • Android
    • Cybersecurity

    Google Patches Android for Stagefright in March Update

    By
    Sean Michael Kerner
    -
    March 8, 2016
    Share
    Facebook
    Twitter
    Linkedin
      Android security

      Google is pushing out its March Android security update, providing users with security fixes for 19 vulnerabilities, of which four are rated critical, eight have high severity and two are rated moderate.

      Among the high-severity issues is CVE-2016-0824, an information-disclosure vulnerability in the much-maligned Android libstagefright (Stagefright) media library.

      Flaws in Stagefright were first publicly disclosed in July 2015 by Zimperium zLabs Vice President of Platform Research and Exploitation Joshua Drake. The initial Stagefright flaws have been followed in the months since with a near-continuous stream of subsequent Stagefright flaws patched in Google’s monthly update for Android. In fact, Google only began its monthly updates for Android in response to Stagefright in a bid to help bring patches to users faster.

      Though Google has already patched multiple Stagefright-related flaws to date, Andrew Blaich, lead security analyst at Bluebox Security, expects users to continue to see patches in Stagefright or related libraries.

      “These libraries are having a lot of eyes looking at them all of a sudden, and what we’re experiencing is a security audit being done in the wild at a global scale,” Blaich told eWEEK.

      Among the related libraries is the core Android mediaserver, which Google is patching this month for six different vulnerabilities. Two of the issues (CVE-2016-0815 and CVE-2016-0816) are identified as critical vulnerabilities in mediaserver that could lead to a potential remote-code execution.

      Another two issues (CVE-2016-0826 and CVE-2016-0827) are privilege escalation vulnerabilities in Android that Google rates as high-severity issues. Google has identified two more high-severity issues (CVE-2016-0828 and CVE-2016-0829) in mediaserver as information-disclosure vulnerabilities.

      Beyond Stagefright and its related Android media libraries, Google is now also finally getting around to updating Android for flaws that were patched in the upstream Linux kernel in 2015. Google identified the CVE-2016-0823 issue as a high-severity information disclosure vulnerability in the kernel, while CVE-2016-0821 is a high-severity mitigation bypass vulnerability in the kernel.

      The fact that there are Linux security vulnerabilities that have already been patched in the upstream kernel, but not in Android, isn’t surprising, Blaich said. “There are probably many patches like CVE-2016-0823 and CVE-2016-0821 that have not made it into Android yet that may have equal, if not worse, consequences,” Blaich said. “This is par for the course with Android.”

      Updating software takes time, especially when bringing patches from one project into another, Blaich said, adding that there is definitely room for improvement to get patches into Android faster, which then takes even longer to make it into the hands of consumers. Google makes its monthly patches freely available for supported Nexus device users.

      Google has publicly issued 123 fixes since it started the monthly Android security bulletin in August, Blaich explained.

      “However, while Nexus devices are receiving these fixes, non-Nexus devices are not getting them in a timely manner, if at all,” he said.

      Of the 123 fixes Google has issued since August, 45 percent have been critical. Blaich commented that this means that all of the unpatched Android devices are at risk of being compromised, exploited and having personal data stolen, sometimes remotely, without the attacker needing access to the device.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×