Google Fixes Rooting Vulnerabilities In Android

itwbennett writes: Google released over-the-air firmware updates for its Nexus devices Monday and will publish the patches to the Android Open Source Project (AOSP) repository by Wednesday, fixing a new batch of vulnerabilities in Android that could allow hackers to take over devices remotely or through malicious applications. The new patches address six critical, two high and five moderate vulnerabilities. The most serious flaw is located in the mediaserver Android component, a core part of the operating system that handles media playback and corresponding file metadata parsing.

Re:Android security? lol!

Overpriced basic phone with uniform updates, OR powerful but expensive phone with fewer updates, but longer support thanks to custom ROMs.

Re:Ask Slashdot :

[idontgno]

I don't think you were reading who you were responding to, or read but discounted it.

PP (Parent Poster) indicates that the hypothetical user isn't connecting to the internet. MMS requires internet connectivity to deliver its "more advanced than SMS" payload. From Wikipedia:

Technical description

MMS messages are delivered in a totally different way from SMS. The first step is for the sending device to encode the multimedia content in a fashion similar to sending a MIME message (MIME content formats are defined in the MMS Message Encapsulation specification). The message is then forwarded to the carrier's MMS store and forward server, known as the MMSC (Multimedia Messaging Service Centre). If the receiver is on a carrier different from the sender, then the MMSC acts as a relay, and forwards the message to the MMSC of the recipient's carrier using the Internet.

Once the recipient's MMSC has received a message, it first determines whether the receiver's handset is "MMS capable", that it supports the standards for receiving MMS. If so, the content is extracted and sent to a temporary storage server with an HTTP front-end. An SMS "control message"(ping) containing the URL of the content is then sent to the recipient's handset to trigger the receiver's WAP browser to open and receive the content from the embedded URL. Several other messages are exchanged to indicate status of the delivery attempt. Before delivering content, some MMSCs also include a conversion service that will attempt to modify the multimedia content into a format suitable for the receiver. This is known as "content adaptation".

The bolded portion of the last paragraph makes it clear: accessing the multimedia content requires HTTP connectivity via some TCP/IP network, which PP is disallowing in his hypothetical. I think you're describing the Stagefright vulnerability, and it's true that if you allow a vulnerable Android device to access malware MMS multimedia content, the malware will exploit the weaknesses of the Stagefright APIs and pwn the phone. However, most SMS/MMS programs can be configured to not automatically download multimedia content (but rather requiring user action to start the download). This changes Stagefright MMS from a "drive-by" vulnerability to a slightly less risky "requires user consent" one.

Re:mmm

[Teun]

The article is about Nexus devices, they are supported for many years.

Re:mmm

[sanf780]

Do not tell that to Nexus S owners. Still, it is good that at least Google keeps promising long term support.