Google Announces Fix For Critical Android Security Issues
Google disclosed discovery of security vulnerabilities on Android which affected millions of phones that run on the search giant's mobile operating system. Working overtime to find a fix, Google finally announced that it has started to rollout security patches via updates they started distributing on Tuesday.
In a report by ARS Technica, millions of phones running on Android were revealed by Google to have vulnerabilities that can be exploited by attackers. Two of the bugs are considered "extremely serious" with comparisons being made to the Stagefright bugs that afflicted Android last year.
Google has announced that on Tuesday the fix has been delivered via updates. However, a huge chunk of phones are reportedly not eligible to get the security patches and even flagship models like the Nexus 5X do not get instantly updated.
ARS Technica also reported that it was a researcher from Google's Project Zero security team, Mark Brand who discovered the CVE2016-3861 vulnerability. According to Brand, the bug can be used by hackers to deliver malware and make vulnerable phones more open to infections.
He said the bug was easy to find and that there is strong likelihood that other researchers may have been aware of its existence too. To stem growing panic, A Google representative assured users that the bug they discovered is for research only and would take advanced research in order to be fully exploited.
In a similar report, Engadget pointed out the same bugs but also added that Google Play had been harboring apps that were afflicted with two kinds of malware, CallJam and DressCode. The first directed phones to websites that claim huge revenues in ads and if allowed access by users will start making calls to paid numbers.
The same MO goes for DressCode but it can deal extra damage by compromising local networks. Google has reportedly brought down the malicious apps from Google Play.