Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Android Latest Security Updates, More Than 100 Vulnerabilities Patched by Google

 

The search engine giant “Google” has patched around 107 security vulnerabilities of its Linux-based mobile operating systemAndroid”. In “Android Security Bulletin- 2017”, google has announced that an on-the-air (OTA) update has been released by the company. This update is for all the android based devices including Pixel and Nexus. Out of 107 security vulnerabilities, 35 have been rated by Google as “Critical Vulnerabilities”. The search engine giant released a partial security patch level string on 1st March 2017 and a complete security patch level string on 5th March 2017.

 

Security Update of 1st March 2017

It was a partial security update and Google has patched 36 security vulnerabilities in this update. From these 36 security flaws, 11 were critical security flaws, 15 were high severity security flaws, 9 were moderate and 1 was the low level security flaw.

 

 

11 Critical Security Vulnerabilities

All the 11 critical flaws were RCE (Remote Code Execution) security issues. 9 of them were related to Mediaserver, 1 was related to EoP (Elevation of Privilege) and another one was allowing attackers to exploit OpenSSL and BoringSSL. The attackers could exploit a Remote Code Execution to remotely hijack any Android device.

 

15 High Severity Security Vulnerabilities

  • 9 DoS (Denial of Service) Vulnerabilities in Mediaserver
  • 3 RCE (Remote Code Execution) Vulnerabilities in Messaging, Libgdx, and Framesequence
  • 2 EoP Vulnerabilities in EoP

 

9 Moderate and 1 Low-Level Security Vulnerability

  • 5 Elevation of Privilege (EoP) Vulnerabilities in Wi-Fi, Location Manager, System UI, and Package Manager.
  • 2 Information Disclosure Vulnerabilities in AOSP Messaging and Mediaserver
  • 2 DoS Vulnerabilities in Mediaserver and Setup Wizard
  • 1 Low-Level DoS Security Flaw in Audioserver

 

Security Update of 5th March 2017

Google has patched 71 security vulnerability in this second security update. It was a complete security update. Out of these 71 security vulnerabilities, 24 were critical, 32 were high-risk vulnerability, 14 were moderate and 1 was low-risk security vulnerabilities. The details are as given below:

 

24 Critical Vulnerabilities

  • 19 Elevation of Privilege (EoP) Vulnerabilities ( 5 in NVIDIA GPU Driver, 7 in MediaTek Components, 1 in Broadcom Wi-Fi Driver, 2 in Kernel ION subsystem, 1 in Qualcomm GPU driver, 1 in Broadcom Wi-Fi Driver, 1 in-kernel networking subsystem and 1 in kernel FIQ debugger)
  • 5 Security Vulnerabilities in various Qualcomm components.

 

32 High Severity Vulnerabilities

  • 25 Elevation of Privilege (EoP) Vulnerabilities in Kernel Networking Subsystem, MediaTek Hardware Sensor Driver, Qualcomm Fingerprint Sensor Driver, Qualcomm Camera Driver, Qualcomm Wi-Fi Driver, Qualcomm IPA Driver, NVIDIA GPU Driver, Kernel Security Subsystem, Qualcomm input hardware driver, Qualcomm ADSPRPC driver, Qualcomm Crypto Engine Driver, MediaTek APK, Synaptics Touchscreen Driver, HTC Sensor Hub Driver, Qualcomm Networking Driver and Qualcomm SPCom Driver.
  • 6 Information Disclosure vulnerabilities in MediaTek Driver, Qualcomm Power Driver,  Kernel Networking Subsystem, Qualcomm bootloader, NVIDIA GPU driver.
  • 1 DoS vulnerability in Kernel Cryptographic Subsystem.

 

14 Moderate Security Flaws

  • 13 Information Disclosure security flaws in MediaTek Video Codec Driver, Qualcomm Camera Driver, Synaptics Touchscreen Driver, Qualcomm Wi-Fi Driver, Qualcomm Video Driver, HTC Sound Codec Driver and Kernel USB gadget driver.
  • 1 EoP security flaw in Qualcomm camera driver.

 

1 Low-Level Security Vulnerability

  • It was an information disclosure vulnerability in Qualcomm camera driver of all android devices.

 

Conclusion:

The Google has released an OTA update for all the android based devices (Nexus, Pixel, and Android One) to patch these security vulnerabilities. An on-the-air update has no need of user interaction because the company can automatically install new updates on all devices. Stay tuned with us for more updates.

 

Also Read:

Android Ghost Push Malware is Infecting 600,000 Devices Every day!

Data of Android Users is Under Threat, Just Because Of Qualcomm Software!

Tips for Android phone users!

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.