Exploits for patched Android elevation of privilege vulnerabilities were published through the Zimperium N-Days Exploit Acquisition Program.

Today’s Android Security Bulletin included a patch for the Dirty Cow vulnerability, a seven-year-old Linux bug that had yet to be patched by Google.

The Android ecosystem may have dodged another Stagefright-type of vulnerability. Google’s monthly Android Security Bulletin released on Tuesday not only patched the remaining Quadrooter vulnerabilities, but also fixed another wide-ranging flaw that could allow an attacker to easily compromise—or at least brick—any Android device dating back to version 4.2. The key to staving off another...

The Quadrooter vulnerabilities made a lot of people take notice because the scale of affected Android devices (more than 900,000) put it on a level with Stagefright and other bugs that impact a large majority of the Android ecosystem. Some details on the four vulnerabilities were publicly disclosed at DEF CON in August by researchers...

Google today patched more than three-dozen critical vulnerabilities in Qualcomm components embedded in the Android operating system, all of them allowing attackers to gain a foothold on devices to launch further attacks. The Qualcomm-related patches are among dozens in the monthly Android Security Bulletin, which marks its first anniversary this week after its maiden voyage...

The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware. The FDE bypass highlighted the need to keep Android patch levels current, but as Duo Labs statistics point out, that remains a struggle...

Google today pushed out its monthly Android patches, addressing what is becoming a monthly custom of a critical Mediaserver vulnerability, in addition to a half-dozen critical flaws in different Qualcomm drivers. The Android Security Bulletin includes patches for eight critical flaws, and while Mediaserver has been a mainstay since Google began releasing patches on a...

The glowing lack of public, real-world Stagefright exploits didn’t stop the U.S. government from using last summer’s blockbuster Android vulnerability as an illustration of the dangers facing mobile device users. Under the context of Stagefright exposing up to 1 billion devices to attack, the Federal Trade Commission and the Federal Communications Commission yesterday said they...

A five-year-old Android vulnerability disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. Older devices are at the greatest risk; newer devices running Android with SE Android, the OS’ implementation of Security Enhanced Linux, are at a lesser risk. The vulnerability allows attackers to escalate privileges on a device, leading...

Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar. Once again, critical remote code execution Mediaserver vulnerabilities dominate this month’s patches. Mediaserver has been a front and center security issue since last summer’s...