July Security Bulletin Published

Google has recently published the latest security bulletin, a monthly event where security flaws in Android are disclosed and fixed. Nexus device owners, including owners of the Nexus Player, will shortly receive OTA updates that give them these security fixes.

This month there is a large set of fixes across various APIs, and Google has split them into two different security patches: July 1st and July 5th. Some of the bugs from July 5th only affect particular Nexus devices. The bulletin also now mentions whether Nexus devices are affected by each flaw or if it's a stock Android / hardware bug. Google has implemented its own security features on top of the platform, such as Verify Apps, which routinely scans your phone for potentially malicious apps and is allowed to remotely uninstall them.

You can read the entire list of patches in the bulletin, but we’ll highlight a few interesting vulnerabilities.

There is an elevation of privilege vulnerability in the LockSettingsService that could allow the screen lock to be reset without the user’s authorization.

There is also an elevation of privilege in the ChooserTarget service, a new service that allows users to share content to specific users in an app instead of just abstractly to the app. This could allow a background service to execute code and access activities it isn't supposed to.

An elevation of privilege vulnerability in the USB driver could allow a malicious app to run kernel code and compromise the device.

Google seems to have done a thorough job recently of vetting their codebase, both on the platform and individual device drivers, and this bulletin is the result of that work. Overall, there were 9 critical, 29 high, and 16 moderate vulnerabilities published and fixed, and these patches will make users a lot safer.

When Android Nougat is released, users will also have these fixes built in. Google continues to improve the software.

Nick Felker

Nick Felker is an Electrical & Computer Engineering student at Rowan University (C/O 2017) and the student IEEE webmaster. When he's not studying, he is a software developer for the web and Android (Felker Tech). He has several open source projects on GitHub (http://github.com/fleker). Devices: Moto G-2013, Moto G-2015, Moto 360, Google ADT-1, Nexus 7-2013 (x2), Lenovo Laptop, Custom Desktop. Although he was an intern at Google, the content of this blog is entirely independent and his own thoughts.
