Google Pushes Out Flaw Fixing Android Security Patch

Google has pushed out an update for Android to fix a slew of cyber security holes, inducing a number of remote code execution vulnerabilities.

The July security patch notably plugs vulnerabilities that surface when files like images and videos are processed by the mobile operating system for display. and enable the execution of arbitrary code.

“The most severe of these issues is a critical security vulnerability in media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google’s patch notes explained.

“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”

Patching away

The patch also fills a vulnerability in the code used for Wi-Fi connectivity in Android devices sporting wireless chips from Broadcom.

The security flaw had opened up such devices to potential traps set by hackers within Wi-Fi range, who could have sent malicious network packets to the Wi-Fi chip to exploit the flaw and gain kernel level control over the infected device.

Such attacks are particularly dangerous to infected devices as they effectively get to the heart of Android and wreak havoc from there.

The patch also contained fixes with bugs that affect Qualcomm components commonly found in Android devices, and tackled flaws relating to Nvidia and MediaTek components.

Over-the-air updated will be pushed out to Google’s own range of handsets, such as the Pixel XL, while other phone companies will be able to get the update from the Google Developer website.

As ever, Android appears to be constantly targeted by cyber attacks, but Google appears to be working on making its mobile OS more secure.

Are you a security pro? Try our quiz!