Skip to main content

Android Bug Hunter Awarded Over $100,000


Google has paid a Chinese security researcher more than $110,000 for discovering two bugs that could be used to hijack its Pixel devices.
Guang Gong, a researcher with Qihoo 360 Technology, reported the bugs to Google through its Android Security Rewards programme last August, and the issues were fixed in the December 2017 security update (patch 2017-12-05).
The exploit chain includes two bugs: CVE-2017-5116 and CVE-2017-14904. The former is a V8 engine type confusion bug, which can be used for remote code execution in sandboxed Chrome render process environments. The latter, CVE-2017-14904, is a bug in Chrome's libgralloc module that can be used to escape from Chrome's sandbox. It is caused by a mismatch between map and unmap functions, causing a Use-After-Unmap issue.
Together, these bugs can be leveraged to inject code into the system_server process by opening a malicious URL in Chrome.
Pixel users clicking on such a link in Chrome could have had their devices compromised, which could include additional harmful software downloads or the theft of personal information.
Google increased the possible Android Security Rewards payouti n July, from $50,000 to as much as $200,000; Gong was the first to take home one of the new, higher payouts. He was awarded $105,000 by Google - the highest bounty in the programme's history - and $7,500 by Chrome Rewards.
Labels:

Comments

Post a Comment

Popular posts from this blog

Apple to release software update to resolve iPhone slowdown

Apple Inc will release a software update that will allow users to turn off a feature that slows down iPhones when batteries are low on charge, Chief Executive Tim Cook told ABC News. Apple will release a test version of its iOS  software next month that shows users the health of their batteries and will let them turn off a phone-slowing feature meant to prevent sudden shutdowns in iPhones with older batteries, Cook said in an interview with ABC News on Wednesday. “We will tell somebody we are reducing your performance by some amount in order to not have an unexpected restart, and if you don’t want it, you can turn it off,” Cook said. “We don’t recommend it because we think that people’s iPhones are really important to them and you can never tell when something is so urgent. Our actions were all in service of the user.” An Apple spokeswoman declined to comment beyond Cook’s remarks or say when the update would be available to consumers. Apple confirmed on December 20 t...
Post a Comment
Read more

YouTube,Logan Paul, What is going on?

YouTube has made it much harder for smaller YouTube creators to earn money from their videos through advertising. New rules say channels need at least 1,000 subscribers and 4,000 hours of watchtime over the last year to keep qualifying for YouTube's partner program, which lets creators monetise their videos. Smaller creators have already expressed their frustration, but the impact could be much greater on black and minority creators who already have a harder time getting subscribers. Logan was criticised for joking about a dead body he had found in  a Japanese forest  known for suicides. It took 10 days for YouTube to admit the video shouldn't have been published.Although the platform had earlier said it "prohibits violent or gory content posted in a shocking, sensational or disrespectful manner."Logan removed the video two days after it had been put up, but by then it had been viewed more than five million times.  YouTube was heavily criticised f...
Post a Comment
Read more

WhatsApp now warns users against hoax messages

Whatsapp is reportedly testing a new feature designed to warn user against sending hoax measssages The feature, which was spotted by Whatsappen.nl and WABetaInfo, warns users that certain messages have been “forwarded many times”. This warning, which is displayed to both senders and recipients, makes no claim to the messages authenticity, but serves as a tell-tale clue that the message perhaps isn’t exactly kosher. FORWARDED MESSAGES A spammer never sends spam messages to a single contact, but he is used to send them to multiple users, selecting them in his contacts list, picking these data from the Internet or from some registration services. These messages may content unwanted advertising and fake news, and they often invite you to forward the message to your contacts.So, he is used to forward one or multiple spam messages to multiple contacts using the Forward option in WhatsApp: for this reason WhatsApp is going to do something about messages that ...
Post a Comment
Read more