plugs serious Nexus vulnerability in latest security update

BY

Published 9 Jan 2017

NSFW AI Why trust Greenbot

We maintain a strict editorial policy dedicated to factual accuracy, relevance, and impartiality. Our content is written and edited by top industry professionals with first-hand experience. The content undergoes thorough review by experienced editors to guarantee and adherence to the highest standards of reporting and publishing.

Disclosure

’s monthly Android security patches are always imperative for whichever phones are able to get them, but the nuary bundle is of particular importance to Nexus 6 6owners. As spotted by Ars Tehcnica UK, Googe has plugged a “high-severity” exploit in its latest patch that could allow attackers to listen in on calls steal data.

Only brought to light last week by IBM’s X-Force Exchange, the vulnerability in the two phone models opens access to hidden B interfaces. According to the report, “By rebooting the device with custom bootmodes, an attacker could exploit this vulnerability to override a secure B configuration gain elevated privileges on the system, cause a local permanent denial of service exfiltrate sensitive information.” The researchers warned that the exploit could result in “data theft, data destruction, () data corruption.”

As Ars Technica UK explains, older Nexus 6 phones were more vulnerable than the 6 “but (the newer phone’s firmware) could still be used to break into the modem’s AT interface. That interface would let attacks send or eavesdrop on SMS messages potentially bypass two-factor authentication.” The patch is among numerous high- critical-severity vulnerabilities that the nuary update plugs.

The impact on you at home: If you own a Nexus 6 6that has been updated to Nougat, it should automatically install the security patch as soon as it’s available. But whenever major flaws like this pop up, it’s a good idea to exercise some due diligence on whatever phone you’re running, check to see if it’s up to date. And if your phone is still running Marshmallow, check the settings to see if you can enable automatic security updates.