Android 14 April security patch rolling out for Pixel devices


Google has started the rollout of its critical April 2024 security patch for Pixel phones. The update, announced in a Pixel community post, addresses numerous vulnerabilities and potential exploits. If you own a compatible Pixel device, you might have it waiting already, but wide availability will take a few weeks.

The April 2024 update targets the Pixel 5a 5G and all newer Pixel models. Look for build number AP1A.240405.002 (or the .A1 variant for the Pixel Fold). Carrier and regional factors may influence when you see the update available on your device.

Google’s release notes highlight a substantial list of fixes. The update addresses eight general Android 14 vulnerabilities (dated April 1st) and an additional 20 dated April 5th. Severity levels range from high to critical. Below are the most notable ones listed in the changelog:

  

Biometrics

  • Fix for issue causing black screen to appear when unlocking screen in certain conditions (Pixel 5a 5G)

Camera

  • Fix for camera stability under certain conditions when switching between different zooms (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel Fold)
  • Fix for issue with black halo artifacts appearing under certain conditions in the viewfinder upon transitioning from photo to video mode at 1x zoom (Pixel 8 and Pixel 8 Pro)
  • Fix for issue where users are unable to re-expose image after tapping anywhere on the viewfinder (Pixel 8 and Pixel 8 Pro)
  

More importantly, the company warns that two Pixel-specific flaws (CVE-2024-29745 and CVE-2024-29748), affecting the bootloader and firmware, “may be under limited, targeted exploitation.” While details are scarce, this underscores the urgency of updating your device.

Source…

OnePlus 12 receives new firmware with the March 2024 security patch


What you need to know

  • OnePlus brings system-wide stability improvements with the latest OxygenOS 14 release.
  • It brings notable features like individual “app-specific volume” and pressing the volume-down rocker to turn on the flashlight.
  • The firmware has been rolled out to a small percentage of OnePlus 12 users, and more will follow in the coming days.

It is that time of month when OnePlus 12 users should check their device’s settings for OTA updates, as the company announced a new update with the latest security patch.

After rolling out the OxygenOS 14.0.0.602 early last month, the company is now rolling out the 14.0.0.604 version for the OnePlus 12 devices across the Indian, North American, and Global regions, OnePlus shared in its accompanying community post over the weekend.

The new firmware released across regions brings the latest March 2024 Android security patch, and the shared changelog notably has system-wide improvements and fixes.

The latest update allows users to “create photo collages without frames in Photos.” A new “Partial screenshot” option has been added to the Smart Sidebar in the latest OxygenOS 14 release.

Source…

Google on why it decided to offer 7 years of Android, security updates on Pixel 8 series


The Google Pixel 8 series launch announcement was a bit of a sweet surprise for potential buyers, as the company promised 7 years of OS and security updates. Apart from a bunch of AI magic tricks and quarterly feature drops, Google went ahead with this USP to make Pixel phones stand out from a sea of Android smartphones. Recently, one of the company's executives spoke about it and why it was done.

Seang Chau, vice president – Devices & Services Software, said during a podcast that Google has active user data of its Pixel users which suggests that most people use one model for multiple years.

“So when we look at the trajectory of where the original Pixel that we launched in 2016 landed and how many people were still using the first Pixel, we saw that actually, there’s quite a good active user base until probably about the seven-year mark,” Chau said.

According to the executive, when Google realised that people have been using the phones for as long as six years, the company decided that it will support Pixel 8 and later models with a total of 7 years of OS and security updates.

How Google is able to promise this change
One of the major changes that Pixel smartphones have seen from the Pixel 6 onwards is the Tensor SoC – designed by Google to undertake AI tasks and machine learning models, giving it better control over features.

But 7 years is a long time in the smartphone industry, and to tackle hardware limitations, Chau said that by keeping features software-based, Google aims to extend the usability of older devices, allowing them to benefit from new features without needing hardware upgrades.

Recently, it was announced that Pixel 8 is also going to get some AI features that were available on Pixel 8 Pro.

Source…

Google Revealed Kernel Address Sanitizer To Harden Android Firmware


Android devices are popular targets for hackers due to the platform’s extensive acceptance and open-source nature.

With over 2.5 billion active Android devices all over the world, the platform has a big attack surface.

Its fragmented ecosystem, which consists of different hardware vendors and delayed software updates, also poses challenges when it comes to prompt vulnerability patching.

Cybercriminals take advantage of these security loopholes for malware distribution, surveillance, unauthorized financial gain, or any other malicious purpose.

Recently, Google unveiled the Kernel Address Sanitizer (KASan) to strengthen the Android firmware and beyond.

Android Firmware And Beyond

KASan (Kernel Address Sanitizer) has broad applicability across firmware targets. Incorporating KASan-enabled builds into testing and fuzzing can proactively identify memory corruption vulnerabilities and stability issues before deployment on user devices.

Google has already leveraged KASan on firmware targets, leading to the discovery and remediation of over 40 memory safety bugs, some critically severe, through proactive vulnerability detection.

Address Sanitizer (ASan) is a compiler instrumentation tool that identifies invalid memory access bugs like out-of-bounds, use-after-free, and double-free errors during runtime. 

For user-space targets, enabling ASan is…
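How the runtime check described above works in principle, as an added example that is not from the article or from Google's KASan code: a toy C model that keeps a shadow state for every byte and consults it on each access and free. The names `toy_malloc`, `toy_free` and `check_access` are hypothetical; real ASan has the compiler insert the checks and packs eight application bytes into one shadow byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the sanitizer idea (hypothetical names, not ASan's API):
   each byte of an imaginary 256-byte arena has a shadow state. */
enum { ARENA = 256, REDZONE = 8 };
enum state { UNALLOCATED = 0, ADDRESSABLE, REDZONE_BYTE, FREED };
enum report { OK = 0, OUT_OF_BOUNDS, USE_AFTER_FREE, DOUBLE_FREE, WILD_ACCESS };
static uint8_t shadow[ARENA];
static size_t next_off;

/* Bump allocator laying out [redzone][n usable bytes][redzone]; returns offset or -1. */
static long toy_malloc(size_t n) {
    if (next_off + n + 2 * REDZONE > ARENA) return -1;
    size_t user = next_off + REDZONE;
    memset(shadow + next_off, REDZONE_BYTE, REDZONE);
    memset(shadow + user, ADDRESSABLE, n);
    memset(shadow + user + n, REDZONE_BYTE, REDZONE);
    next_off = user + n + REDZONE;
    return (long)user;
}

/* The check an instrumented load or store performs before touching memory. */
static enum report check_access(long off, size_t len) {
    for (long a = off; a < off + (long)len; a++) {
        if (a < 0 || a >= ARENA || shadow[a] == UNALLOCATED) return WILD_ACCESS;
        if (shadow[a] == REDZONE_BYTE) return OUT_OF_BOUNDS;
        if (shadow[a] == FREED) return USE_AFTER_FREE;
    }
    return OK;
}

/* Freed bytes stay poisoned and are never reused here (ASan uses a quarantine). */
static enum report toy_free(long off) {
    if (off < 0 || off >= ARENA) return WILD_ACCESS;
    if (shadow[off] == FREED) return DOUBLE_FREE;
    if (shadow[off] != ADDRESSABLE) return WILD_ACCESS;
    for (long a = off; a < ARENA && shadow[a] == ADDRESSABLE; a++) shadow[a] = FREED;
    return OK;
}

int main(void) {
    long p = toy_malloc(16);
    printf("in bounds=%d past end=%d\n", (int)check_access(p, 16), (int)check_access(p, 17));
    printf("free=%d ", (int)toy_free(p));
    printf("use after free=%d second free=%d\n", (int)check_access(p, 1), (int)toy_free(p));
    return 0;
}
```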

Source…