× Welcome to SGCyberSecurity forum!

Feel free to discuss any topics relating to cybersecurity with the rest of the security community in this forum.

Topic-icon Google issued an emergency patch for critical CVE-2015-1805 flaw

50 years 6 months ago #1733 by o_1do1do

that's really a big flaw. =(

Please Log in or Create an account to join the conversation.

4 years 3 months ago #1713 by o_icemanssl22

Google has already blocked the installation of software that triggers the flaw, both within Google Play and outside of Google Play, through Verify Apps.

Ÿ??We already block installation of rooting applications that use this vulnerability Ÿ?? both within Google Play and outside of Google Play Ÿ?? using Verify Apps, and have updated our systems to detect applications that use this specific vulnerability.Ÿ? states the advisory issued by Google.Ÿ?To provide a final layer of defense for this issue, partners were provided with a patch for this issue on March 16, 2016. Nexus updates are being created and will be released within a few days. Source code patches for this issue have been released to the Android Open Source Project (AOSP) repository.Ÿ?

Google warns owners of vulnerable devices that could be permanently compromised by exploiting the flaw and in some circumstances, it could be necessary a re-flash of the operating system in order to remove malicious applications.

Ÿ??An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel. This issue is rated as a Critical severity due to the possibility of a local permanent device compromise and the device would possibly need to be repaired by re-flashing the operating system.Ÿ? continue the advisory.

Google has collected evidence of this vulnerability being abused on a Nexus 5 using a publicly available rooting tool, but there is no malicious exploitation of the security flaw.

Google created Nexus updates that will be released within a few days, the company has already notified its partners on this security vulnerability.

Ÿ??Source code patches for this issue have been released to the Android Open Source Project (AOSP) repository.Ÿ? states the advisory.

To mitigate the risk of exposure, users should have on their Android devices a security patch level of March 18, 2016, or a security patch level of April 2, 2016 and later.

source.android.com/security/advisory/2016-03-18.html

Please Log in or Create an account to join the conversation.