Android security update closes critical vulnerabilities

In its Android Security Bulletin for May 2017, Google lists details of the vulnerabilities for which patches are available this month. Nexus devices receive the security update automatically over the air (OTA), and factory images are available on Google’s developer website. Hardware partners were informed of the issues described on 3 April 2017 or earlier.


A critical vulnerability in the handling of media files is particularly serious: it allows remote code execution on affected devices in various ways, including email, web browsing and MMS. Google states, however, that it has so far received no reports of active exploitation of the newly disclosed vulnerabilities. The bulletin again groups the security patches into two levels, to give manufacturing partners a flexible and rapid way to fix the vulnerabilities that occur in a similar way on all Android devices.

Also classified as critical in the 1 May 2017 security patch level is a flaw in the Framework APIs through which a local malicious application could obtain elevated permissions. It is dangerous because it allows the general safeguards that isolate application data from other applications to be bypassed.

HIGHLIGHT

Android and the update problem

After the “mother of all security vulnerabilities” in 2015, the so-called Stagefright bug, manufacturers promised improvement in the form of monthly security updates. However, only a few companies have put this announcement into action.

Vulnerabilities relating to elevated permissions were discovered in the media server as well as the audio server; they could allow an application to execute arbitrary code. The application would thereby be given powers that are not normally accessible to a third-party application.

A denial-of-service vulnerability in the media server is also serious. An attacker could use a specially prepared file to remotely cause a device to freeze or to trigger a restart.

A number of weaknesses were also classified as moderate or low risk. Further critical vulnerabilities are found in the 5 May 2017 security patch level; these were often discovered in the drivers of individual manufacturers.

Meanwhile, Samsung has also released a maintenance update for its flagship models as part of its monthly Security Maintenance Release (SMR) programme. The Korean manufacturer’s collection includes the patches up to Google’s May security bulletin and fixes 11 more vulnerabilities in its own devices, whose risk was rated moderate or low.

When will smartphones get the security updates?

Google has already released firmware images with the May security updates. The OTA updates have also already started. Users of supported Nexus smartphones should therefore receive the update in the near future.

Android security updates for Nexus devices (screenshot: ZDNet.de)

The updates should soon be available for the Samsung flagships as well. Together with Sony and LG, Samsung had promised after the Stagefright vulnerabilities to deliver security updates monthly. In practice, however, Galaxy users usually wait somewhat longer to receive security updates, because the mobile phone providers control the update process themselves. While Vodafone in Germany delivers updates regularly, customers of other providers usually have to wait somewhat longer. There is also a delay for unlocked devices, which Samsung maintains itself.

Still, the update situation at Samsung can be described as comparatively good when you look at other large manufacturers. LG has not provided a security update for the G3 for quite some time, while Samsung still delivers updates for the Galaxy S5, which was released at about the same time. Users for whom security is important should scrutinize the manufacturer’s update history when buying a new smartphone.

Google and Samsung have promised to update at least their flagship models with new versions of Android for two years. They support the delivery of security updates for three years.

Android security updates: LineageOS offers longer support than the manufacturers

After this period, users who want current security patches still have the option of installing an alternative firmware such as LineageOS. This Android ROM, which emerged from the CyanogenMod project, supports smartphones with security updates and new versions of Android for much longer than the phones’ manufacturers. For example, Android 7.1.2 including current security patches is available for the Galaxy SII, released in 2011.

LineageOS supplies even older smartphones with current security patches and new versions of Android (image: ZDNet.de).