13 critical remote code execution bugs fixed in September Android update

Discussion in 'mobile device security' started by Minimalist, Sep 6, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,411
    Location:
    Slovenia
  2. SorenStoutner

    SorenStoutner Registered Member

    Joined:
    Sep 29, 2017
    Posts:
    5
    Location:
    Arizona
    Interesting that there is no specific mention of fixing the BlueBorne vulnerability, which is included in the September patch. Perhaps the fixing of the Broadcom Wi-Fi driver actually applied to both their Wi-Fi and Bluetooth drivers.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    That sounds like a lot of updates. Does Android normally release that many critical security updates? I don't keep up with them too much other than knowing they have been plagued with malware lately.
     
  4. SorenStoutner

    SorenStoutner Registered Member

    Joined:
    Sep 29, 2017
    Posts:
    5
    Location:
    Arizona
    From the article, "Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs, in the September release of its Android Security Bulletin on Tuesday."

    "The 13 critical vulnerabilities mark a slight uptick over July, when Google addressed 11 critical bugs, and August when it patched 10 critical RCEs."

    So not significantly higher than normal. Also from the article, "Google says it hasn’t received any reports the vulnerabilities fixed this month have been exploited". So these are proactive fixes.

    I wouldn't really say that Android has been plagued with malware lately. I do not personally know anyone who has ever been infected with a piece of Android malware that did anything more serious than produce spamy notifications (adware). Those problems are simply solved by removing the offending app. However, it is true that Android malware exists, that some of it makes it onto the Play store, and that some of it is serious. The same can be said of iOS.
     
  5. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Something no one discusses or mentions in any of the articles about this.
    Seven months after Armis Labs publicly announced the Blueborne vulnerability and much longer than that since they privately disclosed it to the industry, mobile devices that contain this massive vulnerability and that will never be patched are still being sold all over America to this very day!!
    I just bought one to test this before I posted about it.
    The device I bought is a prepaid phone by ZTE. I checked the ZTE website. There is no patch for that device.
    I downloaded the Blueborne vulnerability scanner app by Armis Labs (the research team who announced the vulnerability last September).
    The scanner detected the ZTE phone as unpatched and vulnerable to Blueborne.
    I very much doubt this is limited to ZTE, it just happened to be the one I picked up in the store.
    How can it not be illegal to sell devices that have a known security vulnerability that is unpatched and for which there is no patch available?
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,724
    Location:
    U.S.A. (South)
    Thank You a ton for making mention of that.

    I have no idea why on earth they fling out sales of such products with full knowledge of it as you so politely point out.
     
  7. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    You can test your Android devices, look for Blueborne scanner by Armis Labs on Google Play.
     
  8. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    I really did say that politely didn't I? I must be getting sick or something. I don't usually consider companies that do such things worthy of politeness.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.