In the March 2016 Android Security Bulletin, Google Android has announced critical security vulnerabilities issues within their in Operating System (OS). The most severe of these issues is a critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing and MMS when processing media files.
Partners, such as LG and Samsung are now able to draw the patches from Android Open Source Project (ASOP) to build into their own software and release patches, which for carrier locked models, have to go through testing by those carriers before release. The Operating Systems affected include Android OS builds prior to LMY49H and versions prior to 6.0 without security patch level of March 1, 2016.
The Office of Information Security provides these Best Practices for mobile device security:
- Apply appropriate updates provided by Google Android or mobile carriers (i.e., Verizon, AT&T, T-Mobile, Sprint, or Cricket) to vulnerable Operating Systems
- Refer to the Android documentation for instructions on how to check the current security patch level
- Only download apps from trusted venders in the Play Store
- Be cautious of untrusted websites or links from unknown sources
- Educate yourself and always use mobile devices wisely.
To learn more about keeping your device safe, visit the Office of Technology Services’ Mobile Security Web page.
