Google Fixes All of Quadrooter Flaws with September Security Patch


Google has patched Quadrooter vulnerabilities in its monthly Android Security Bulletin. Affecting over 900 million Android devices, the exploit was put on a scale of Stagefright. Following patches of July and August, the latest Bulletin has fixed the two remaining Quadrooter flaws.

Google fixes the remaining Quadrooter vulnerabilities

Quadrooter affected at least 900 million Android devices, making it one of the high-risk vulnerabilities. Quadrooter is a set of four flaws, hence "quad," allowing attackers to take complete control of an affected device and its data. The vulnerabilities enable privilege escalation, and can be exploited to bypass currently available defenses in the Android Linux kernel. Using Quadrooter, an experienced attacker could trick the victim into downloading a malicious app. This exploit set affects devices powered by Qualcomm chipsets. Even exploiting one of these flaws, an attacker could root your device, bypass all privileges and install a malicious app, without the victim ever knowing about it.

Previous security bulletins brought in fixes for some of these exploits, and today's release finally patches them all up. Google has now started pushing out the latest security patches to its Nexus devices via over the air updates. Today's release is also the first Android security patch for Nougat devices. While Google is yet to upload the Android 7.0 factory images for some of the Nexus devices, the patches are available for Marshmallow devices.

Google's partners received the updates on August 5 and will start the process of sending these updates too - however long it takes. The company has also said that the Android Open Source Project will receive these patches within 48 hours.

The software maker has also fixed six other critical bugs in its mobile operating system, which include two remote code execution (RCE) flaws in the core Android components.