(Photo: dpa, Teresa Dapp)
<- rspeak_start ->
Security researchers from Google’s Project Zero! Samsung have examined additional software that stirred the manufacturer with the pure version of Android. The team comes at a worrying result.
Google’s cryptologists from Project Zero have Samsungs additional software on the Galaxy S6 Edge investigated a week and eleven vulnerabilities found. Starting point for the investigation was loud Natalie Silvanovich, author of the report, the question of whether an Android device with additional software from manufacturers has more targets than a Nexus device with an unchanged version of Android. In addition, Google wanted to test how fast a device manufacturer has prepared updates when gape in its additional software vulnerabilities.
Google relies on its devices the Nexus series, the “pure” OS version of the Android Open Source Project ( AOSP) a. Samsung and Co. take AOSP as a base and interweave these with its own code in order to provide such equipment vendor-specific features.
Nearly a dozen vulnerabilities
The According to security researchers, it has the code of Samsung in and eleven vulnerabilities they could procure approximately Apps more rights to execute arbitrary code and read emails from users. Three vulnerabilities can be exploited to particularly easy. Google’s Project Zero classifies all issues identified as a serious.
Silvanovich et al. but also explain that they “have hindered effective safety mechanisms at work” some. Most vulnerabilities are to be found in the device drivers, and processing of multimedia content.
Samsung responds
In a time window of 90 days, Samsung has crammed eight vulnerabilities via over-the-air update, explain the cryptographer. The three outstanding vulnerabilities are less threatening. Samsung will distribute the updates as soon as possible. (the)
No comments:
Post a Comment