Category: Security

The Android team has released the Android security update patches for October today.  The patches, two this month instead of three, have been released for all supported Nexus devices as well as the Pixel C.  As is the norm, the updates have been released as Factory Images and OTA images for those who want to flash their devices immediately.  If you don’t, the OTA update should be coming to your devices over the course of the next week or so.  For those who have Nexus 6 phones, the news is really great for you as Android Nougat has finally been released for your phone and includes this October update.

Google has been splitting up their patches the last few months and October is no exception.  Unlike the last couple of months however, there are only two this month.  The first patch is the 2016-10–1 patch and it is the one for all devices and manufactures.  It contains 12 high priority security patches, mostly around elevation of privileges and denial of service threats.  The second patch, 2016-10-05, is primarily aimed at Nexus devices and contains 5 critical patches focused on remote code execution.  If you have a Nexus device, you will see the October 5th update which is inclusive of the fixes in the October 1st update.

Google has given another fresh coat of paint to their two-factor authentication app, Google Authenticator.  The update is rolling out to the Google Play store now and if you have it installed, you likely will see the OTA for it in the next day or two if not already.  The updated build is version 4.74 for those keeping score at home.  If you aren’t familiar with Authenticator, it is the code generating app when you enable two-factor authentication on your various accounts.  Many services offer two-factor including Google, Microsoft, Evernote, WordPress, Facebook, Twitter, etc.  I strongly urge all readers to enable two-factor on all of their accounts for security purposes.  Yes it is a pain but apps like Google Authenticator allow you to have multiple accounts in the app.

Most of the changes in this update are cosmetic but they are good to see.  First, the app is completely Material Design now which has a nice clean look to it.  The six digit codes generated are now split into two, 3 digit sections so it makes it much easier to read.

Yesterday Yahoo announced that in late 2014, a security breach on their network resulted in some 500 million user accounts being compromised.  Yet the company just now reported it.  The hack, which the company believes was state sponsored, compromised accounts and user data including names, birthdays, email addresses, passwords, security questions, and telephone numbers but, thankfully, did not include payment or bank data.

Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.

Security breaches in companies happen and far to often than they should.  It is a constant cat-and-mouse game between companies and blackhats, especially those blackhats who are working for governments around the world.  My issues is that it took Yahoo two years to tell users and even then, it wasn’t in big bold letters. It was a frickin’ Tumblr post.  Really?

The September 2016 Android security patches have been released for both Android Marshmallow and Nougat today.  This month there are three different patches available, an increase from the two that we have seen over the past few months.  Google has been working to spur on manufactures to get the security updates out quicker and by further subdividing the patches, it is further eliminating reasons on why they aren’t released.

According to the Security Bulletin released by the Android team, the patch 2016-09-01 will primarily deal with remote code execution and elevation of privileges within the Android platform.  This patch contains two critical updates and five high priority updates.

Like clockwork, with the change of the calendar to August, the Android team has just released the Android Security update for the month.  The new update patches are going to be hitting the AOSP over the course of the next 48 hours with the OTA updates for Nexus devices likely coming at the end of the week or early next week.  Like the Android team did in July, the August security updates are coming in two patches.  The first is the August 1st patch which has 1 critical update and 4 high priority updates out of the 14 total updates in the patch.  This patch is more generic in nature and applies to Android in general.  The Google team is trying to get these high priority updates out to their manufacturing partners faster so updates are done faster by them.  Those well versed in Android lore know that patches and updates are, um, lacking in some cases.

For those who have Nexus devices, the July Security Update for Android is now rolling out via an OTA update.  The update, 2 of them this month, were released last week on July 6th along with factory images and OTA images that users could flash to their devices manually.  With Google now pushing the updates out to Nexus devices, users will get the update as they usually do each month.  If you recall, this month’s update was split into two parts.  The first update, dated July 1st, was more a general fix for Android while the one dated July 6th was more driver specific updates for specific devices.  Google’s stated intent was to get the first update out so all of their partners could update their devices quickly without having to wade through driver tests for things their their devices just don’t use.