As we all know that Android is a mobile operating system (OS) currently developed by Google, based on the Linux kernel and designed primarily for touchscreen mobile devices such as smartphones and tablets. Android has the largest installed base of all operating systems of any kind and recently Google which is an American multinational technology company specializing in Internet-related services and products, fixed 40 vulnerabilities in its mobile operating system Android.
Google Fixed 40 Vulnerabilities In Android
[dropcap]This[/dropcap] week Google has released the May update for its mobile operating system Android, which fixed 40 vulnerabilities, including a critical and dangerous flaw. Security problems also affected all the supported Google Nexus devices (Google Nexus is a line of consumer electronic devices that run the Android operating system).
Critical rating received vulnerabilities in Android Media server (CVE-2016-2428 and CVE-2016-2429), allowing to remotely execute code in the context of Mediaserver service. The list also includes the critical vulnerabilities in Qualcomm TrustZone (CVE-2016-2431 and CVE-2016-2432), Android debugger (CVE-2016-2430), Wi-Fi driver from Qualcomm (CVE-2015-0569 and CVE-2015 -0570), NVIDIA video driver (CVE-2016-2434, CVE-2016-2435, CVE-2016-2436 and CVE-2016-2437) and in the nucleus (CVE-2015-1805), allowing to elevate privileges.
Vulnerabilities are also found in the kernel (CVE-2016-2438) and Bluetooth (CVE-2016-2439), which received the highest rating of danger, and allow you to remotely execute arbitrary code. But, With the help of the Qualcomm Tethering Controller (CVE-2016-2060) the vulnerability can expose.
The list of the dangerous vulnerabilities were also in Binder (CVE-2016-2440), Qualcomm Buspm drivers (CVE-2016-2441 and CVE-2016-2442), MDP (CVE-2016-2443) and Wi-Fi (CVE-2015- 0571), NVIDIA video driver (CVE-2016-2444, CVE-2016-2445 and CVE-2016-2446), Mediaserver (CVE-2016-2448, CVE-2016-2449, CVE-2016-2450, CVE-2016-2451 and CVE-2016-2452) and the driver MediaTek Wi-Fi (CVE-2016-2453). With their help, the attacker can increase the privileges and the vulnerability in Qualcomm Hardware Codec (CVE-2016-2454) allows the remote denial of service.
By exploiting the vulnerability in the kernel (CVE-2016-0774) the attacker Moe Zht cause a denial of service. Hence, all the problems except for the CVE-2016-2060, which affects the Nexus devices which are a line of consumer electronic devices from Google that runs the Android operating system and the remaining vulnerabilities are marked as medium risk.