Google's Project Zero team has discovered 11 serious vulnerabilities in the version of Android that Samsung installs on the Galaxy S6 edge. The Mountain View company develops the operating system's source code and releases monthly updates to fix security flaws. Samsung, like other manufacturers, modifies the stock version of Android by adding its own applications, and with them a number of bugs that can be exploited to perform malicious actions against users.
The researchers examined the Samsung smartphone to assess how difficult it is to discover vulnerabilities, what kinds of bugs are present in the code, and whether the security technologies included in AOSP (Android Open Source Project) can hinder the development of exploits. The team also checked the time taken to fix vulnerabilities (Google releases monthly patches for its Nexus devices). In a single week, they found 11 security problems on the Korean manufacturer's device.
The most severe vulnerability was identified in the WifiHs20UtilityService service, which scans the file system for zip files to unpack. Because the API does not check the file path, an attacker could place an infected file in any location with elevated privileges. Other bugs were discovered in the email client, the driver and the image parser.
The vulnerabilities were promptly reported to Samsung. Eight were fixed in the October update, while the patches for the other three will be distributed in the coming days. Google nevertheless appreciated the speed with which the manufacturer resolved the problems.