Fourth Android vulnerability detected: is it safe to use?
One Android vulnerability after another has raised various questions about the platform's safety, and Android users are now asking whether it is safe to use.
Researchers from Trend Micro, a security firm, have uncovered yet another Android mediaserver vulnerability, affecting versions 2.3 to 5.1.1, which they have said could allow attackers to run their code with the same permissions that the mediaserver program already has as part of its normal routines.
However, Google has patched the vulnerability via the Android Open Source Project (AOSP).
According to the researchers, the vulnerability lies in AudioEffect, a component of the mediaserver program. It uses an unchecked variable that comes from the client, which is usually an app. To attack, the attacker must convince the victim to install an app that doesn’t require any permissions, giving them a false sense of security.
“Since the mediaserver component deals with a lot of media-related tasks including taking pictures, reading MP4 files, and recording videos, the privacy of the victim may be at risk. Devices with customized versions of Android but with no modification made to the mediaserver component are also affected,” they said.
The researchers have suggested that, to block the threat, Android users can download Trend Micro Mobile Security (TMMS), which can detect threats trying to use this vulnerability and running any of the scenarios presented. They can also reboot their device in safe mode to uninstall the malicious app.
“We also recommend that device manufacturers patch their devices regularly to prevent their users from suffering from attacks that use this vulnerability,” they explained.
The new flaw is said to be quite similar to three other major vulnerabilities in Android’s mediaserver component that were detected recently. CVE-2015-3823 could allow attackers to trap phones in endless reboots, and ANDROID-21296336 may render devices silent. Lastly, CVE-2015-3824, dubbed Stagefright, can be used to install malware through a multimedia message.
- See more at: http://www.ehackingnews.com/2015/08/fourth-android-vulnerability-detected.html#sthash.4j5L5eOl.dpuf