One Article Review
| Source |  Network World |
|---|---|
| Identifiant | 330125 |
| Date de publication | 2017-03-07 07:40:00 (vue: 2017-03-07 07:40:00) |
| Titre | Android gets patches for critical OpenSSL, media server and kernel driver flaws |
| Texte | A five-month-old flaw in Android's SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google's newer BoringSSL library, which is based on OpenSSL. What's interesting is that the flaw, identified as CVE-2016-2182, was patched in OpenSSL back in September. It can be exploited by forcing the library to process an overly large certificate or certificate revocation list from an untrusted source.To read this article in full or to leave a comment, please click here |
| Envoyé | Oui |
| Condensat | 2016 2017 2182 affects all also among android are article back based boringssl can certificate click code comment common compromise contains context critical cryptographic cve device driver execute exploited first five fixed fixes flaw flaws forcing from full gets google here high identified interesting its kernel known large leading leave level libraries library list located malicious march media mobile month newer old one openssl overly patch patched patches phones please potentially privileged process rated read revocation security september server set source ssl those untrusted vulnerabilities what which â android |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.