Android security alert: Google’s latest bulletin warns of 47 bugs, 10 critical


网络安全法视频宣传片 第二集 国家网络安全的现状与重要性概述
Google has published its Android security bulletin for December, warning of 47 bugs across the operating system.
Tech Pro Research
IT leader’s guide to the threat of fileless malware
Network security policy
Lunch and learn: BYOD rules and responsibilities
Guidelines for building security policies
Security awareness and training policy
Ten of the vulnerabilities are rated ‘critical’ in their potential impact, the most severe type of bug, while the other 37 are rated as ‘high’ priority.
Google said it had split the vulnerabilities into two patch levels in its alert, so that Android smartphone makers can fix a subset of vulnerabilities that are similar across all Android devices more quickly, should they want to.
But it warned: “Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.” It recommended that they bundle the fixes for all the issues they are addressing in a single update.
Google said among the most severe of these flaws is a critical security vulnerability in the media framework that could enable a remote attacker, using a specially crafted file, to execute arbitrary code within the context of a privileged process.Google is urging Android device makers to fix all the issues in its December security bulletin.
Image: Getty Images
The first group of 19 vulnerabilities, 2017-12-01, also includes a flaw in the framework section, which could enable a local malicious application to bypass user interaction requirements to gain access to additional permissions. Under system, the worst bug could allow a “proximate attacker” to execute arbitrary code within the context of a privileged process.
The second group of 27 bugs, 2017-12-05, security patch level includes under kernel components a vulnerability that could allow local malicious applications to execute arbitrary code.
There are also vulnerabilities in MediaTek and Nvidia components that could let a local malicious app execute arbitrary code within the context of a privileged process. The bulletin also lists nine vulnerabilities in Qualcomm components and nine vulnerabilities in Qualcomm closed-source components.
These bugs won’t come as a surprise to the makers of Android smartphones. Google’s partners are notified of all issues at least a month before publication. Source-code patches for these issues will be released to the Android Open Source Project repository in the next 48 hours.
Google said exploiting issues on Android is made more difficult by features in newer versions of the Android platform: “We encourage all users to update to the latest version of Android where possible.”
我们不能阻止数据流向云计算,也难阻挡员工私人计算终端用于工作,所以要让用户保障组织的安全确实是个很大的挑战。
However, not all Android makers feel that updating old hardware to the newest version of Android is a particular priority, leaving many smartphones languishing on older and therefore less secure versions.Previous and related coverage Android’s big problem: Over a billion devices are more than two years out of date Android’s rapid growth and update challenges have left over one billion devices running very out of date software. Android security triple-whammy: New attack combines phishing, malware, and data theft Attacks on three fronts ensure attackers have all the information they need to steal banking details in the latest evolution of the Marcher malware, warn researchers. Google says these are the best Android apps of 2017 but do you agree? Google names most popular and best Android apps of the year.Read more on Android securityGoogle names 42 Android devices with users running security updates from last two monthsAndroid Oreo: Google adds in more Linux kernel security featuresGoogle Play Protect rolling out to Android devices for better securityAmazon’s app store compromises Android securityMost Android users running outdated security patches: report (CNET)iOS and Android security: A timeline of the highlights and the lowlights (TechRepublic)
Related Topics:
Enterprise Software
Security TV
Data Management
处理旧电脑的时候,这些电脑里的数据需要得到合理的清除,要加强电脑等电子设备的安全报废管理,为了环保,可以捐献出一些旧的电脑,但在捐献之前一定要对数据进行彻底删除。

猜您喜欢

天津滨海新区25家技术先进型服务企业获认定
网络安全公益短片之高级持续性威胁APT防范基础
网络安全法培训短片
南京大屠杀幸存者携家人祭奠罹难亲人
CARBURANTGRATUIT THEDAILYDIGEST
网络安全意识公开课