| Title | Old Android Flaw Elevates Privileges, Steals SMS, Call Logs | |
| Date | Thursday May 05 2016, @04:52PM | |
| Author | CoolHand | |
| Topic | ||
| from the well-thought-out-OS dept. | ||
A five-year-old privilege escalation vulnerability in Android disclosed today affects hundreds of different device models going back to Jelly Bean 4.3.
https://threatpost.com/five-year-old-android-flaw-exposes-sms-call-history/117873/
-- submitted from IRC
A five-year-old Android vulnerability disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. Older devices are at the greatest risk; newer devices running Android with SE Android, the OS' implementation of Security Enhanced Linux, are at a lesser risk.
The vulnerability allows attackers to escalate privileges on a device, leading to further attacks such as stealing SMS or call logs. Researchers at FireEye's Mandiant Red Team found the flaw, CVE-2016-2060, in Qualcomm software available from the Code Aurora Forum. Related Posts Apple Updates Xcode's Git Implementation May 4, 2016 , 3:02 pm Google Patches More Trouble in Mediaserver May 2, 2016 , 2:00 pm Phony Google Update Spreads Data-Stealing Android Malware April 29, 2016 , 12:52 pm
Qualcomm patched the affected software and moved a fix to OEMs in March. As with other Android patches, OEMs must push updates to devices. Mandiant cautions, however, that it's likely many devices will not be patched. The vulnerable APIs, for example, were found in a 2011 git repository, meaning that the code has been in circulation for five years and could be in an untold number of devices.
| Links |
printed from SoylentNews, Old Android Flaw Elevates Privileges, Steals SMS, Call Logs on 2024-04-19 05:57:51