A Google Android patch has been released that identifies and fixes a total of 37 vulnerabilities–four of which are marked as severe. The most critical of these flaws is a vulnerability in the Media framework that would allow an attacker access to execute arbitrary code with administrator privileges. Two of the other severe flaws allowed attackers to gain admin permissions and take control of a victim’s device. As of the time of this writing, there were no exploits found in the wild. These flaws were found through penetration testing, which is used by software designers to assess the effectiveness of the embedded security protocols. The other vulnerabilities patched were pertaining to the framework, library, media framework, Qualcomm components, and Qualcomm closed-source components. Partners of the Android system are generally notified of issues one month before the publication of a new patch update.
Analyst Notes
Android users are recommended to apply this security update as soon as possible. This can be done by tapping on the device screen System > Advanced > System Update. Once this is done the user should see the update status on their screen.
