Google fixes final 'Quadrooter' flaws with new security patch

The outstanding flaws were fixed a month after the initial disclosure.
Written by Zack Whittaker, Contributor
Image: CNET/CBS Interactive

What took Google a month to fix took others just a couple of weeks.

In the latest round of Android security fixes released Tuesday, the company fixed two remaining flaws that were part of the so-called "Quadrooter" set of vulnerabilities announced last month.

Quadrooter was particularly troublesome because the set of four flaws (hence the name "quad") affected at least 900 million Android devices. These high-risk vulnerabilities would allow a dedicated and well-trained attacker to gain complete access to an affected phone and its data.

Google, which develops Android, said that most phones had received at least two or even three of the fixes in previous security bulletins. But the rest would remain outstanding for a month, until now, when the company released its regularly-scheduled monthly patches.

That didn't stop at least one phone maker pushing out a patch in the meanwhile.

BlackBerry was the first phone maker to patch the flaws. Silent Circle, which makes the Blackphone, also released a patch, but it was subsequently pulled.

Google said Tuesday that the two outstanding bug fixes will land on its own-brand Nexus devices in the coming hours and other devices in the next few days.

According to the bulletin, Google confirmed that the two escalation of privilege bugs -- CVE-2016-2059 (rated "high") and CVE-2016-5340 (rated "critical") -- were fixed.

The Android software and phone maker also fixed six more critical bugs in the mobile operating system, including two remote code execution flaw in core Android components.

Nexus users should automatically receive the update.

Editorial standards