Tuesday , December 11 2018 Ausdroid » Software » Android, Modding & Updates » Mid-month security update to roll out to Nexus devices after exploit was used on a Nexus 5

Nexus Logo
Google’s monthly security updates will see an additional rollout this month, after Google noted an exploit had been used on a Nexus 5.

The vulnerability – specifically CVE-2015-1805 – was being used by a rooting app, which used a previously reported exploit to gain local elevation of privilege. The vulnerability was scheduled to be patched as part of Google’s regularly scheduled monthly update, but once security researchers at Zimperium showed the exploit had been abused on a Nexus 5, and Google further found it could be used on a Nexus 6, Google moved forward with the mid-month patch.

Google has patched the exploit in AOSP, and shared the patch with partners who can roll the fix out as part of their own update schedule, to unpatched devices running kernel versions 3.4, 3.10 and 3.14, which includes all Nexus devices. Google specifically states that Android devices running Linux kernel 3.18 and above – which includes the newly released Galaxy S7 – are not affected.

The rooting app, as are all apps of this nature, is specifically blocked in Google Play, and the Verify Apps function in Android already detects applications using this specific vulnerability, so it has to be installed specifically to be used.

The fix is available, and Google has advised that ‘Nexus updates are being created and will be released within a few days’.

Source: Google Security Bulletin.
Via: Android Central.

Daniel Tyson   Ausdroid's Editor in Chief

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

1 Comment threads
1 Thread replies
Most reacted comment
Hottest comment thread
2 Comment authors
Tony SopranoDarren Ferguson Recent comment authors
newest oldest most voted
Notify of
Ausdroid Reader

Just about every exploit is one where the user specifically has to go out of their way to install it.

Tony Soprano
Tony Soprano

Pretty much why I don’t worry most of the time. Don’t download dodgy/suss looking applications and 99% of them time you’ll be fine.

Check Also

Samsung releases its One UI in beta form for Galaxy Note 9 users in Germany, India, and the U.S.

Samsung has released its new One UI in beta form overnight to Galaxy Note 9 …