Wednesday, November 4, 2015

Edge Galaxy S6: 11 vulnerabilities detected by Google – ZDNet France

Google obviously addresses the vulnerabilities it detects on its own code, but the Android model, with its multiple manufacturers offering each their mobile OS versions of Android remains conducive to the proliferation of security vulnerabilities .

“The majority of Android phones is not made by Google but by external companies (OEMs) that use the Android Open Source Project (AOSP) to develop their own devices,” explains Natalie Silvanovich on Google’s blog “OEMs are an important research topic for Google: manufacturers actually add additional code (and potentially vulnerable) in Android devices”
 

The candidate selected by the Project Zero team is the latest in the Samsung range, the Galaxy Edge S6. The Google team was given a challenge: finding the maximum of vulnerabilities in the space of one week, the opportunity for Google to organize a competition between American and European teams of the company’s security departments.
 

A total of 11 vulnerabilities were found in the Samsung Android implementation: these security flaws have been communicated to Samsung, which has already corrected 8 of them in his patch patch October. The Korean company promises to fix three flaws left gaping in the November patch, but Natalie Silvanovich noted that the three remaining flaws are the least dangerous of the lot.

Among the vulnerabilities discovered by the Google team, some allowed to smuggle mails received by the user directly from the mail client provided by Samsung, or potentially execute malicious JavaScript code from the same mail client.

 The Google Team Zero nevertheless notes that the safeguards deployed play their role and tools such as SELinux have complicated the task of the teams of Project Zero. These vulnerabilities have mostly been corrected, but the team of Google Zero boasts a respectable score: 11 security flaws discovered in the space of a week is a good performance

.

LikeTweet

No comments:

Post a Comment