The attack allows malicious applications to break out of their sandbox and access the entire operating system, giving an adversary complete control of the targeted device.

The attack allows malicious applications to break out of their sandbox and access the entire operating system, giving an adversary complete control of the targeted device.

The July Android Security Bulletin patches 11 critical remote-code execution bugs including one dubbed ‘Broadpwn’ that impacts both Android and iOS devices.

One year after kicking off monthly Android security updates and Google still is way behind Apple when it comes to patching.

Google today patched more than three-dozen critical vulnerabilities in Qualcomm components embedded in the Android operating system, all of them allowing attackers to gain a foothold on devices to launch further attacks. The Qualcomm-related patches are among dozens in the monthly Android Security Bulletin, which marks its first anniversary this week after its maiden voyage...

Google wrapped up the first year of its Android Security Rewards program this week, a span of time that saw the company pay out just north of half a million dollars to security researchers who helped identify vulnerabilities in the mobile operating system. In all, the company paid 82 researchers a combined $550,000 – an...

Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar. Once again, critical remote code execution Mediaserver vulnerabilities dominate this month’s patches. Mediaserver has been a front and center security issue since last summer’s...

Google has patched a vulnerability being exploited in the wild to root Nexus 5 Android devices. The public exploit—a rooting application—was privately disclosed to Google on March 15 by Zimperium researchers, and a less than a month after CORE Team researchers reported that CVE-2015-1805, which was patched in 2014 in the Linux kernel, also affects...

A rooting application has been found in the wild targeting Nexus mobile devices using a local privilege escalation vulnerability patched two years ago in the Linux kernel that remains unpatched in Android. Researchers at Zimperium, the same company that discovered last summer’s Stagefright flaws affecting Android, privately disclosed to Google last Tuesday they found an...