Android security alert: Google’s latest bulletin warns of 47 bugs, 10 critical

Google is urging Android device makers to fix all the issues in its December security bulletin.
Getty Images
手机实名制正式实施,落实起来,却路途漫长,似乎阻力重重,它的目的是为了解决在手机上前阵子泛滥“黄毒”和各种垃圾短信以及诈骗信息。这可以有效打击各类犯罪,有利于掌握证据。
Google has published its Android security bulletin for December, warning of 47 bugs across the operating system.

Ten of the vulnerabilities are rated ‘critical’ in their potential impact, the most severe type of bugs, while the other 37 are rated as ‘high’ priority.
Google said it had split the vulnerabilities into two patch levels in its alert, so that Android smartphone makers can fix a subset of vulnerabilities that are similar across all Android devices more quickly, should they want to.
But it warned: “Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.” It recommended that they bundle the fixes for all the issues they are addressing in a single update.
Google said among the most severe of these flaws is a critical security vulnerability in the media framework that could enable a remote attacker, using a specially crafted file, to execute arbitrary code within the context of a privileged process.
The first group of 19 vulnerabilities, 2017-12-01, also includes a flaw in the framework section, which could enable a local malicious application to bypass user interaction requirements to gain access to additional permissions. Under system, the worst bug could allow a “proximate attacker” to execute arbitrary code within the context of a privileged process.
The second group of 27 bugs, 2017-12-05, security patch level includes under kernel components a vulnerability that could allow local malicious applications to execute arbitrary code.
There are also vulnerabilities in MediaTek and Nvidia components that could let a local malicious app execute arbitrary code within the context of a privileged process. The bulletin also lists nine vulnerabilities in Qualcomm components and nine vulnerabilities in Qualcomm closed-source components
These bugs won’t come as a surprise to the makers of Android smartphones. Google’s partners are notified of all issues at least a month before publication. Source-code patches for these issues will be released to the Android Open Source Project repository in the next 48 hours.
Google said exploiting issues on Android is made more difficult by features in newer versions of the Android platform: “We encourage all users to update to the latest version of Android where possible.”
However, not all Android makers feel that updating old hardware to the newest version of Android is a particular priority, leaving many smartphones languishing on older and therefore less secure versions.Previous and related coverageAndroid’s big problem: Over a billion devices are more than two years out of date Android’s rapid growth and update challenges have left over one billion devices running very out of date software.Android security triple-whammy: New attack combines phishing, malware, and data theft Attacks on three fronts ensure attackers have all the information they need to steal banking details in the latest evolution of the Marcher malware, warn researchers.Google says these are the best Android apps of 2017 but do you agree? Google names most popular and best Android apps of the year.
安泰科技控股子公司成立合资公司
Related Topics:
Enterprise Software
Security TV
Data Management
在互联网上,我们得应对来自全球的黑客组织,特别是更加了解我们的来自国内的黑客。

猜您喜欢

瞄准千亿气象市场,坤舆天气想做国内首家气象量化金融风险管理平台
用黑客的手段来进行安全管理
网络安全法视频宣传片 第二集 国家网络安全的现状与重要性概述
世界互联网大会:马化腾深夜现身乌镇景区 被热情游客拍到直摇手
MILAULAS LILLESTOLRESEARCH
针对全员的ISO14001体系在线动画培训问世