Google Patches ‘Extremely Serious’ Bugs on Nexus Devices

By Godfrey Barasa, | September 13, 2016

Google

Google

Two very serious Android susceptibilities were recently discovered and patched on Nexus devices through an Over-the-Air security update. The vulnerabilities could allow hackers to locally execute malware or gain local privileges on a user's phones.

Google Project Zero researcher Mark Brand discovered the first vulnerability. According to Brand, while the bug was straightforward in nature, it was extremely serious and could spread in different ways. He said it was shocking that the problem had remained undisclosed for long.

Like Us on Facebook

Brand's exploit works only on an undisclosed set of Nexus smartphones. It could not be used in real-world attacks without substantial modification and even further research.

The Google Project Zero researcher suggested it is present in several recently released units of the Nexus 5X. The exploit is reliable and fast, according to Brand.

Google is yet to receive any reports of active exploitation or abuse of the newly reported problems. However, the search engine giant has encouraged all Android users to update their devices when they can.

The second vulnerability is similar to Stagefright. The bug exploited by concealing a malicious code in a JPEG image date before sending the picture via Gmail or Google Talk. The unsuspecting victim does not need to click on or open any links to be compromised.

The two bugs were made public around the same time that security firm Checkpoint discovered two types of malware planted in Google Play apps. One of the malware, DressCode, which was revealed in August, was reportedly used to spoof ad clicks and generate income for hackers, but can be applied to breach private internal networks. On the other hand, CallJam was hidden inside the game Gems Chest for "Clash Royale," and it included a premium dialer to generate false phone calls. 

©2024 Telegiz All rights reserved. Do not reproduce without permission
Real Time Analytics