fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Android’s March 2022 Security Updates Fix Three Critical Bugs

Android’s March 2022 Security Updates Fix Three Critical Bugs

Google has released the March 2022 security updates for Android 10, 11, and 12, addressing three critical severity flaws, one of which affects all devices running the latest version of the mobile OS.

Tracked as CVE-2021-39708, the flaw lies in the Android System component, and it’s an escalation of privilege problem requiring no user interaction or additional execution privileges.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.” – mentions Google’s bulletin.

Also Read: 10 Government Data Leaks In Singapore: Prevent Cybersecurity

The other two critical flaws are CVE-2021-1942 and CVE-2021-35110, both affecting closed-source components on Qualcomm-based devices.

For a full list of which Qualcomm chipsets are affected by these two vulnerabilities, check out the chipmaker’s security bulletin.

No further technical details have been published for any of the fixed vulnerabilities, as doing so would put users running an older patch level at risk.

Other fixes that land with the March 2022 update are:

  • 1 medium severity escalation of privilege flaw in Android runtime (version 12)
  • 5 high severity escalation of privileges flaws in Android Framework (versions 10, 11, 12)
  • 2 high severity denial of service flaws in Android Framework (version 12)
  • 1 high severity information disclosure in Media Framework (versions 10, 11, 12)
  • 8 high severity escalation of privilege flaws in System (versions 10, 11, 12)
  • 1 high severity information disclosure flaw in System (versions 10, 11, 12)
  • 4 high severity escalation of privilege flaws in Kernel
  • 1 high severity information disclosure in Kernel
  • 3 high severity flaws in MediaTek components
  • 10 high severity flaws in Qualcomm components

As is the case every month, Google has released two patch levels for March 2022, one denoted as “2022-03-01” and one as “2022-03-05”.

Also Read: How To Anonymised The Data: What Are The Importance Of This?

The second patch level includes everything in the first set plus fixes for third-party closed source and Kernel components that may not apply to all devices.

As such, your device vendor may choose to push the first level to save on roll-out time, and it won’t necessarily mean that you are left vulnerable to exploitation.

With the only exception being Google’s Pixel line which receives these security updates immediately, all other vendors will need some time to bundle the patches for each of their models, as different hardware configurations require dedicated testing and fine-tuning.

If you are running anything older than Android 10, consider upgrading to a new and actively supported device or flashing your existing with a third-party Android ROM that’s based on a recent AOSP version.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us