The last security update, Android has become the largest

Earlier this week Google released the may update security Android. According to the search giant published the report, it was the largest security patch ever. The official list of fixed vulnerabilities was so big that it had to be split into two separate “level”. The first patch may 1 contains a list of more than 100 security vulnerabilities common to all Android devices, while a second patch from 5 may contain additional fixes for the hardware drivers and kernel components that are present only in some devices.

In the latest update security, Google has fixed six critical vulnerabilities in Mediaserver component Android with special privileges, which is responsible for handling images and videos. One of them allows attackers to cause memory corruption during processing of a media file and other data. In other words, users could be deceived by the offer to download a specially crafted media file on your device. These files can also be distributed through email or instant messengers. The mistake was discovered in early January, and is up to date from Android 4.4.4 KitKat to Android 7.1.2 Nougat. Also, a vulnerability was discovered in Android API Framework, allowing malicious applications to access user permissions.

In addition to the above vulnerabilities, the patch 5 may also contains fixes for eight bugs at high risk, five moderate and large number of vulnerabilities with low severity. Some of them were also in the component Mediaserver.

The report also reported about the vulnerability in encryption files in Android Nougat 7.0 and later versions. This feature allows different files to be encrypted and unlocked using a separate key. Found error allows an attacker to bypass the protection c OS lock screen.

Among the other critical vulnerability is one that is associated with the Bluetooth and allow the malicious app to bypass the security system, which isolates app data. Two are errors related to SSL software libraries which allow an attacker to remotely gain access to sensitive information. Another vulnerability has been discovered in GIFLIB-a library used for the Android read and write images in GIF format.

In patch security 5 may also fixed a critical vulnerability discovered in the driver’s touch screen MediaTek, bootloader Qualcomm and Motorola, NVIDIA video driver, power controller Qualcomm, kernel subsystems and sound on Nexus 5X/6/6P/9 and Pixel. They can be used by an attacker to execute malicious code at the kernel level, which leads to complete and permanent compromise of the user’s device. In most cases, to recover from this attack will need to re-flash.

It is worth remembering that Google releases security updates for their own Nexus devices and Pixel. The company provides all the fixes to third-party manufacturers, who must upgrade their devices.

Source: fudzilla.com