What Does the January Security Update Really Fix?




Google recently made the January security update factory images available for its Nexus devices. But a common question on Google Plus, Facebook and other communities is: what is the difference or change after updating?

Here I am providing some basic information about the Stagefright January risk on the Android operating system: the Common Vulnerabilities and Exposures (CVE) IDs and their assessed severity. The severity assessment is based on the effect that exploiting the vulnerability would have on an affected device, assuming the platform and service mitigations are disabled for development purposes or successfully bypassed.

Remote Code Execution Vulnerability in Mediaserver
This issue is rated as a Critical severity due to the possibility of remote code execution within the context of the mediaserver service. The mediaserver service has access to audio and video streams as well as access to privileges that third-party apps cannot normally access.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6636 | ANDROID-25070493 | Critical | 5.0, 5.1.1, 6.0, 6.0.1 | Google Internal |
|  | ANDROID-24686670 | Critical | 5.0, 5.1.1, 6.0, 6.0.1 | Google Internal |

Elevation of Privilege Vulnerability in misc-sd driver
This issue is rated as a Critical severity due to the possibility of a local permanent device compromise, in which case the device would possibly need to be repaired by re-flashing the operating system.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6637 | ANDROID-25307013 | Critical | 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 | Oct 26, 2015 |

Elevation of Privilege Vulnerability in the Imagination Technologies driver
This issue is rated as a Critical severity due to the possibility of a local permanent device compromise, in which case the device would possibly need to be repaired by re-flashing the operating system.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6638 | ANDROID-24673908 | Critical | 5.0, 5.5.1, 6.0, 6.0.1 | Google Internal |

Elevation of Privilege Vulnerabilities in Trustzone
This issue is rated as a Critical severity due to the possibility of a local permanent device compromise, in which case the device would possibly need to be repaired by re-flashing the operating system.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6639 | ANDROID-24446875 | Critical | 5.0, 5.1.1, 6.0, 6.0.1 | Sep 23, 2015 |
| CVE-2015-6647 | ANDROID-24441554 | Critical | 5.0, 5.1.1, 6.0, 6.0.1 | Sep 27, 2015 |

Elevation of Privilege Vulnerability in Kernel
This issue is rated as a Critical severity due to the possibility of a local permanent device compromise, in which case the device would possibly need to be repaired by re-flashing the operating system.

| CVE | Bug(s) with AOSP Link | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6640 | ANDROID-20017123 | Critical | 4.4.4, 5.0, 5.1.1, 6.0 | Google Internal |

Elevation of Privilege Vulnerability in Bluetooth
This issue is rated as High severity because it could be used to gain “dangerous” capabilities remotely; these permissions are accessible only to third-party applications installed locally.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6641 | ANDROID-23607427 | High | 6.0, 6.0.1 | Google Internal |

Information Disclosure Vulnerability in Kernel
These issues are rated as High severity because they could also be used to gain elevated capabilities, such as Signature or SignatureOrSystem permissions privileges, which are not accessible to third-party applications.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6642 | ANDROID-24157888 | High | 4.4.4, 5.0, 5.1.1, 6.0 | Sep 12, 2015 |


Elevation of Privilege Vulnerability in Setup Wizard
This issue is rated as Moderate severity because it could be used to improperly work around the factory reset protection.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6643 | ANDROID-25290269 | Moderate | 5.1.1, 6.0, 6.0.1 | Google Internal |

Elevation of Privilege Vulnerability in Wi-Fi
This issue is rated as Moderate severity because it could be used to gain “normal” capabilities remotely; these permissions are accessible only to third-party applications installed locally.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-5310 | ANDROID-25266660 | Moderate | 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 | Oct 25, 2015 |

Information Disclosure Vulnerability in Bouncy Castle
This issue is rated as Moderate severity because it could be used to improperly gain “dangerous” permissions.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6644 | ANDROID-24106146 | Moderate | 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 | Google Internal |

Denial of Service Vulnerability in SyncManager
This issue is rated as Moderate severity because it could be used to cause a local temporary denial of service that would possibly need to be fixed through a factory reset.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6645 | ANDROID-23591205 | Moderate | 4.4.4, 5.0, 5.1.1, 6.0 | Google Internal |

Attack Surface Reduction for Nexus Kernels
SysV IPC is not supported in any Android Kernel. We have removed this from the OS as it exposes additional attack surface that doesn’t add functionality to the system that could be exploited by malicious applications. Also, System V IPCs are not compliant with Android's application lifecycle because the allocated resources are not freeable by the memory manager, leading to global kernel resource leakage. This change addresses issues such as CVE-2015-7613.

| CVE | Bug(s) | Severity | Updated versions | Date reported |
|---|---|---|---|---|
| CVE-2015-6646 | ANDROID-22300191 | Moderate | 6.0 | Google Internal |
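
One way to verify the SysV IPC removal described above on a given Linux or Android kernel, as an added example that is not taken from the bulletin or from Google's code: the program requests each SysV IPC facility and reports whether it is absent (ENOSYS), present, or refused. It assumes a libc that provides the shmget/semget/msgget wrappers; the enum and function names are made up for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/sem.h>
#include <sys/shm.h>

enum sysv_state { SYSV_ABSENT, SYSV_PRESENT, SYSV_BLOCKED }; /* example names */

/* Classify the result of a shmget/semget/msgget call. ENOSYS is what a
 * kernel built without SysV IPC returns (the hardened state); any other
 * error means the call exists but was refused (policy, resource limit). */
enum sysv_state classify(int rc, int err)
{
    if (rc >= 0) return SYSV_PRESENT;
    return err == ENOSYS ? SYSV_ABSENT : SYSV_BLOCKED;
}

/* Each probe creates a private object and removes it at once: SysV objects
 * outlive the creating process unless removed explicitly, which is the
 * kernel resource leak the text describes. */
enum sysv_state probe_shm(void)
{
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0600), err = errno;
    if (id >= 0) shmctl(id, IPC_RMID, NULL);
    return classify(id, err);
}

enum sysv_state probe_sem(void)
{
    int id = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600), err = errno;
    if (id >= 0) semctl(id, 0, IPC_RMID);
    return classify(id, err);
}

enum sysv_state probe_msg(void)
{
    int id = msgget(IPC_PRIVATE, IPC_CREAT | 0600), err = errno;
    if (id >= 0) msgctl(id, IPC_RMID, NULL);
    return classify(id, err);
}

int main(void)
{
    static const char *name[] = { "absent", "present", "blocked" };
    printf("shm: %s\nsem: %s\nmsg: %s\n",
           name[probe_shm()], name[probe_sem()], name[probe_msg()]);
    return 0;
}
```

On a kernel with the change applied, all three lines should read "absent"; "blocked" means the kernel still implements the facility and only a policy layer is refusing the call.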
