Google released possibly its final Android security update for 2017. The latest patch addresses at least 42 different vulnerabilities which includes 11 flaws in the media framework (five are critical remote code execution issues).
“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google warned in its advisory.
Libmedia and libstagefright components of the Android media framework is patched in every single security update provided by Google since August 2015. Google provided update every single month after the Stagefright vulnerability which was first publicly disclosed at Black Hat USA 2015.
“The state of the union for Android security is strong and I have spent time making sure it stays strong,” Adrian Ludwig said, the man who runs Android security for Google. “It’s not just about building a safe; it’s about building something that can react and respond to security quickly.”
In this new update, the critical remote code execution flaw in the system component is also addressed.
“We’re updating all Nexus devices — the Nexus 4, 5, 6, 7, 9 and 10 and even the Nexus players — and we’re patching for libstagefright,” Ludwig said. “This is the single largest mobile software update the world has ever seen.”
Security support will extend for three years from a time Nexus device appears in the market.
“The industry has looked at recent events and realized that it needs to move fast, and we need to tell people what we’re doing,” Ludwig said.
“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google warned in its advisory.
Ludwig also mentioned that, “We’re taking an aggressive stance to see if an application is doing something wrong, and we’re working with the developers and the development process to make it right.”
___________________________________________________________________________________
AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted.