Google fixes two serious Android security flaws

It also gave the boot to apps that posed a security risk.
Jon Fingas, @jonfingas
September 10, 2016
Image credit: Kiyoshi Ota/Bloomberg via Getty Images

Google's mobile security team has definitely been busy cleaning house this week. The company has released an Android update that closes two security holes that could pose a major threat if intruders found a way to exploit them. The first was only designed for "research purposes" and would only have been malicious if modified, Google tells Ars Technica, but it wouldn't have been hard to detect or weaponize.

The other flaw behaved similarly to the well-known Stagefright exploit, letting an attacker send an altered JPEG image through Gmail or Google Talk to hijack your phone. The issue, as SentinelOne researcher Tim Strazzere explains to Threatpost, is that this vulnerability is easy both to find and to capitalize on.

There's more. Security company Check Point also revealed that Google Play had been hosting apps containing two forms of malware (CallJam and DressCode). CallJam steered phones to websites that made bogus ad revenue and, if you granted permission, would call paid phone numbers. DressCode would also visit shady ad sources, but it could compromise local networks as well. Google has since removed the offending apps, but the infection rate may have been high, as users downloaded the software hundreds of thousands (or in a few cases, millions) of times.

While the likelihood of running into this malware is relatively small, it underscores an issue with timely Android security updates. Only Nexus owners get first crack at the fixes -- most everyone else will have to wait, provided they're in line in the first place. Google's monthly security updates help, but this won't do much if your phone maker either hasn't committed to those updates or has left you running an older Android version that can't get those patches. You may have to either be patient for a more conventional update or move to a newer device if you're determined to stay current.
