[Androidme2018]- As part of the March 2017 Android security update, Google released a specific patch to CVE-2017-0510 to resolve a critical vulnerability that was discovered in the Nexus 9 tablet. The most interesting aspect of this vulnerability was the source, which even those working in the security field thought was very unusual: headphones.
Google Nexus 9 review: a glass half full
Best Android antivirus and mobile security apps
Researchers at Aleph Research, a team of ex-IBM researchers, discovered that both the Fast Interrupt Request (FIQ) Debugger and HBOOT could be accessed on the Nexus 9 via the headphone jack. This is the result of multiplexed wired functionality, which is present in several smartphones but had largely been confined to USB ports.
Reported vulnerabilities in the Nexus 9 have been resolved. © AndroidPIT
They have described the security flaw as being an escalation of privilege vulnerability in the kernel FIQ debugger, which could allow a malicious application to execute arbitrary code within the context of the kernel. The team also found that the attack vector could be used to leak sensitive information and could significantly weaken ASLR. Overall, the issue could lead to a local permanent device compromise, so users would be forced at some point or another to re-flash the operating system to repair the device.
Opinion by Angela PalmerMonthly security updates are essential
What do you think?
50503 participants
Happily, Google has resolved the issue with the latest Android security update. The capabilities of the FIQ Debugger have now been reduced, so it's no longer possible for any malicious programs to exploit this vulnerability.
Have you received the latest Android security update for your Nexus 9? Are you concerned there may be further vulnerabilities? Let us know in the comments below.
Source: Aleph Research
Thank You Very Much - Androidme2018
Google Nexus 9 review: a glass half full
Best Android antivirus and mobile security apps
Researchers at Aleph Research, a team of ex-IBM researchers, discovered that both the Fast Interrupt Request (FIQ) Debugger and HBOOT could be accessed on the Nexus 9 via the headphone jack. This is the result of multiplexed wired functionality, which is present in several smartphones but had largely been confined to USB ports.
Reported vulnerabilities in the Nexus 9 have been resolved. © AndroidPIT
They have described the security flaw as being an escalation of privilege vulnerability in the kernel FIQ debugger, which could allow a malicious application to execute arbitrary code within the context of the kernel. The team also found that the attack vector could be used to leak sensitive information and could significantly weaken ASLR. Overall, the issue could lead to a local permanent device compromise, so users would be forced at some point or another to re-flash the operating system to repair the device.
Opinion by Angela PalmerMonthly security updates are essential
What do you think?
50503 participants
Happily, Google has resolved the issue with the latest Android security update. The capabilities of the FIQ Debugger have now been reduced, so it's no longer possible for any malicious programs to exploit this vulnerability.
Have you received the latest Android security update for your Nexus 9? Are you concerned there may be further vulnerabilities? Let us know in the comments below.
Source: Aleph Research
Thank You Very Much - Androidme2018
0 Response to "Best Nexus 9: critical vulnerability discovered and resolved -Androidme2018"
Post a Comment