Google has today issued a bundle of 40 security patches for its Android operating system.
A dozen of the fixes correct critical vulnerabilities in versions 4.4.4 of the operating system and above. About 74 per cent of in-use Android devices run Android 4.4.4 or higher.
These critical bugs can be potentially exploited by miscreants to hijack millions of vulnerable handsets, tablets and other Android gadgets, install malware on the devices, and spy on people.
Opening a malicious video file could lead to remote-code execution. Apps can infiltrate Qualcomm’s TrustZone kernel, which is supposed to be a secure area away from Android where things like fingerprint readers are controlled. Drivers by Qualcomm and Nvidia can be exploited by apps to gain extra privileges.
Hackers have to dodge Android’s built-in defenses to succeed, but this is not an impossible task. Never mind that, though, Google has decided to tweak the name of its monthly security patches.
“To reflect a broader focus, we renamed this bulletin (and all following in the series) to the Android Security Bulletin. These bulletins encompass a broader range of vulnerabilities that may affect Android devices, even if they do not affect Nexus devices,” the Android advisory said.
Submitted by: Arnfried Walbrecht