Tutorial News Comments FAQ Related Articles

Google Patches 58 Android Vulnerabilities in February Security Update

android

Google released its second Android patch update of 2017 on Feb. 6, providing users of the mobile operating system with patches for 58 different vulnerabilities, up significantly from the 13 flaws Google fixed in its February 2016 Android update.

In the new February 2017 update, 8 vulnerabilities are rated by Google as critical. Among the critical vulnerabilities is CVE-2017-0405, which is a remote code execution vulnerability in the Android Surfaceflinger graphics library.

" A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing," Google warns in its advisory. " This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. "
The Surfaceflinger issue was reported by researchers Scott Bauer and Daniel Micay of Copperhead Security. Micay in particular is no stranger to reporting Android vulnerabilities and was credited back in October 2015 for reporting a security flaw that was dubbed ' Stagefright 2' at the time. The original Stagefright media server flaw was first disclosed in July 2015 and is the vulnerability that led to Google start its monthly patch process in August 2015.

Tags:

Author:

Comments ( 0 )

No comments available

Add a comment

Frequently asked questions ( 5 )

what is Remote code execution vulnerability in libgdx?

A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library.

how to Elevation of privilege vulnerability in Java.Net?

An elevation of privilege in the Java.Net library could enable malicious web content to redirect a user to another website without explicit permission. This issue is rated as High because it is a remote bypass of user interaction requirements.

Information disclosure vulnerability in AOSP Mail?

An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications.

how to get Information disclosure vulnerability in Framework APIs?

An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications.

what is Denial of service vulnerability in Bionic DNS?

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service.

Rank

User

Points

Top Contributers

naveelansari

135850

Top Contributers

ayanbhatti

92510

Top Contributers

hamzaahmed

32150

Top Contributers

linuxhelp

31040

Top Contributers

muhammadali

24500

Can you help Gibbson ?

How do i run both nginx and apache in same instance on centos

Hi...,

my server is based centos operating system and my webserver is already running on Apache.... i need to run both apache and nginx on same instance ... please help me to implement this concept...