Samsung Galaxy S6 Edge smartphone is hit by 11 high impact security issues, which was revealed by the Google’s Project Zero. Out of them, 8 have been fixed. Google gives the explanation for working upon this type of projects as to see how easy or difficult it would be to spot bugs and security vulnerabilities in Android phones manufactured by OEMs.
Google revealed that, “OEMs are an important area for Android security research, as they introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequency of the security updates that they provide for their devices to carriers.”
The software giant has made a team to work for gaining remote access to contacts, photos and messages. These accesses can be gained via an app installed from Google Play Store with no permissions and executing codes across a device wipe.
In a blog post notes it is mentioned that, “when the file is unzipped in downloads, the API does not verify the file path and it can be written in unexpected locations.” This issue has been fixed.
Google wrote, “Each team worked on three challenges, which we feel are representative of the security boundaries of Android that are typically attacked,” Google wrote. “They could also be considered components of an exploit chain that escalates to kernel privileges from a remote or local starting point.”
“Overall, we found a substantial number of high-severity issues, though there were some effective security measures on the device that slowed us down,” Google concluded. “The weak areas seemed to be device drivers and media processing. We found issues very quickly in these areas through fuzzing and code review. It was also surprising that we found the three logic issues that are trivial to exploit. These types of issues are especially concerning, as the time to find, exploit and use, the issue is very short.”