The Complete Magazine on Open Source

Google fixes critical security bug on Android Nougat

SHARE
/ 1602 0

Android nougat bug

Google has released the November Android update for its Nougat version. The new software update comes with a fix for a critical security vulnerability that was enabling remote code execution on the newest Android version.

To provide a backdoor entry, the severe issue (CVE-2016-6699) within Android Nougat operating system was giving remote code execution on an affected device through multiple methods like email, web browsing and MMS when processing media files. This means that the vulnerability was such serious that attackers could steal personal data without requiring any app installation.

“We have had no reports of active customers exploitation or abuse of these reports,” the Android team writes in a blog post.

In addition to the severe media file vulnerability, the latest Android update fixes tons of serious issues. However, the recently emerged flaw called ‘Dirty Cow’ that came directly from Linux kernel is yet to be patched.

Google has already notified its partners about the issues described in the security update bulletin last month. Further, the source code of the bugfixes within the Android November update will reach the Android Open Source Project (AOSP) repository in the coming hours.

Devices, mainly Android 7.0.1 Nougat running Nexus and Pixel phones, are compatible with the latest software update. Users have already started receiving an over-the-air (OTA) update to patch the security holes.