Special Offers


Breaking News
recent

WHICH CRITICAL VULNERABILITIES FIXES IN MAY SECURITY UPDATE For Nexus and Android One


Google security team works very hard to find and fixes the Nexus devices and Android One Devices Vulnerabilities. Critical, Moderate and High Vulnerabilities fixes in May Security Update which is described in below. Nexus 9 have some major critical issues regarding its NVDIA Graphic card.
Google Released May Security update for its Nexus Devices and Android One Devices, what is changes or security fixes for Nexus or Android One Devices let's see:-

Nexus-Devices-May-Security-Update

PIXEL C AND ALL NEXUS DEVICES (6.0.1) :-  vulnerability in Binder could allow a local malicious application to execute arbitrary code within the context of another app’s process, Bluetooth could allow a proximal attacker to execute arbitrary code during the pairing process,  in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of an elevated system application, in mediaserver could enable a local malicious application to execute arbitrary code within the context of an elevated system application. This issue is rated as High severity because it could be used to gain elevated capabilities, Conscrypt could allow an local application to believe a message was authenticated when it was not, OpenSSL and BoringSSL could enable a local malicious application to access data outside of its permission levels, in Wi-Fi could enable a guest account to modify the Wi-Fi settings that persist for the primary user,

NEXUS 6P:- vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel,  in the Qualcomm buspm driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

NEXUS 5X :- vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel, the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical severity, Qualcomm buspm driver could enable a local malicious application to execute arbitrary code within the context of the kerneL.


NEXUS 6:-
 Qualcomm buspm driver could enable a local malicious application to execute arbitrary code within the context of the kerneL, kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical severity, Qualcomm TrustZone component could enable a secure local malicious application to execute arbitrary code within the context of the TrustZone kernel..

NEXUS 5 :- vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel, Qualcomm buspm driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

NEXUS 9 :- vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical severity due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device, in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel, A remote code execution audio subsystem could enable a local malicious application to execute arbitrary code within the context of the kerneL,

NEXUS 7 :-  vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of an elevated system application, in mediaserver could enable a local malicious application to execute arbitrary code within the context of an elevated system application. This issue is rated as High severity because it could be used to gain elevated capabilities, Conscrypt could allow an local application to believe a message was authenticated when it was not, OpenSSL and BoringSSL could enable a local malicious application to access data outside of its permission levels,

ANDROID ONE :- vulnerability in the MediaTek Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel, MediaTek Wi-Fi driver could enable a local malicious application to cause a denial of service. Normally an elevation of privilege bug like this would be rated High, but because it requires first compromising a system service, it is rated as Moderate severity.TrustZone component could enable a secure local malicious application to execute arbitrary code within the context of the TrustZone kernel
Android-one-May-Security-update

Amol Kamble

Amol Kamble

No comments:

Post a Comment

Amol kamble. Powered by Blogger.