tech2 News StaffNov 05, 2015 08:59:01 IST
When Google researchers tried looking for vulnerabilities in the Android OS running on Samsung's latest Galaxy S6 Edge, they found not less than 11 bugs.
Google's Project Zero looks into vulnerabilities of the device made by OEMs using the Android Open-Source Project (AOSP). "Having done some previous research on Google-made Nexus devices running AOSP, we wanted to see how different attacking an OEM device would be. In particular, we wanted to see how difficult finding bugs would be, what type of bugs we would find and whether mitigations in AOSP would make finding or exploiting bugs more difficult," Google writes in the Project Zero blog.
The most serious issue was Samsung's WifiHs20UtilityService path traversal, a service that scans zip file in SDcard, downloads and also unzips it. The bug exploits the API used to unzip and does not verify the path, causing it to be written in any unidentified location.
Overall, the team found sufficient number of high-severity issues. The issues have been reported to Samsung and the company has already responded stating about eight issues have been fixed in the October Maintenance Release.
Welcome to Tech2 Innovate, India’s most definitive youth festival celebrating innovation is being held at GMR Grounds, Aerocity Phase 2, on 14th and 15th February 2020. Come and experience an amalgamation of tech, gadgets, automobiles, music, technology, and pop culture along with the who’s who of the online world. Book your tickets now.