Wednesday , October 18 2017

Mid-month security update to roll out to Nexus devices after exploit was used on a Nexus 5

Nexus Logo
Google’s monthly security updates will see an additional rollout this month, after Google noted an exploit had been used on a Nexus 5.

The vulnerability – specifically CVE-2015-1805 – was being used by a rooting app, which used a previously reported exploit to gain local elevation of privilege. The vulnerability was scheduled to be patched as part of Google’s regularly scheduled monthly update, but once security researchers at Zimperium showed the exploit had been abused on a Nexus 5, and Google further found it could be used on a Nexus 6, Google moved forward with the mid-month patch.

Google has patched the exploit in AOSP, and shared the patch with partners who can roll the fix out as part of their own update schedule, to unpatched devices running kernel versions 3.4, 3.10 and 3.14, which includes all Nexus devices. Google specifically states that Android devices running Linux kernel 3.18 and above – which includes the newly released Galaxy S7 – are not affected.

The rooting app, as are all apps of this nature, is specifically blocked in Google Play, and the Verify Apps function in Android already detects applications using this specific vulnerability, so it has to be installed specifically to be used.

The fix is available, and Google has advised that ‘Nexus updates are being created and will be released within a few days’.

 
Source: Google Security Bulletin.
Via: Android Central.

Daniel Tyson   Editor

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

2 Comments on "Mid-month security update to roll out to Nexus devices after exploit was used on a Nexus 5"

avatar
Sort by:   newest | oldest | most voted
Member
Darren

Just about every exploit is one where the user specifically has to go out of their way to install it.

Tony Soprano
Valued Guest
Tony Soprano

Pretty much why I don’t worry most of the time. Don’t download dodgy/suss looking applications and 99% of them time you’ll be fine.

wpDiscuz

Check Also

Check for update button is no longer a Placebo in Android

The frustration of Google’s long, slow trollout for updates is almost palpable after a new …