Diffstat (limited to 'en/security')
-rw-r--r-- | en/security/bulletin/2017-04-01.html | 9 | ||||
-rw-r--r-- | en/security/index.html | 2 | ||||
-rw-r--r-- | en/security/overview/implement.html | 3 | ||||
-rw-r--r-- | en/security/overview/updates-resources.html | 30 |
4 files changed, 23 insertions, 21 deletions
diff --git a/en/security/bulletin/2017-04-01.html b/en/security/bulletin/2017-04-01.html index 4498d7dd..7d25193e 100644 --- a/en/security/bulletin/2017-04-01.html +++ b/en/security/bulletin/2017-04-01.html @@ -20,7 +20,7 @@ See the License for the specific language governing permissions and limitations under the License. --> -<p><em>Published April 03, 2017 | Updated April 05, 2017</em></p> +<p><em>Published April 03, 2017 | Updated April 21, 2017</em></p> <p>The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Google device @@ -140,14 +140,14 @@ successfully exploited on Android.</p> <li>Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室): CVE-2016-10236</li> <li>Qidan He (何淇丹 - <a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) - of KeenLab, Tencent: CVE-2017-0544, CVE-2016-10231, CVE-2017-0325</li> + of KeenLab, Tencent: CVE-2017-0544, CVE-2017-0325</li> <li>Roee Hay (<a href="https://twitter.com/roeehay">@roeehay</a>) of Aleph Research, HCL Technologies: CVE-2017-0582, CVE-2017-0563</li> <li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0562, CVE-2017-0339</li> <li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of - TrendMicro Mobile Threat Research Team: CVE-2017-0578</li> + TrendMicro Mobile Threat Research Team: CVE-2016-10231, CVE-2017-0578, CVE-2017-0586</li> <li>Tim Becker: CVE-2017-0546</li> <li>Uma Sankar Pradhan (<a href="https://twitter.com/umasankar_iitd">@umasankar_iitd</a>): CVE-2017-0560</li> 
@@ -161,8 +161,6 @@ successfully exploited on Android.</p> <li>Wenlin Yang (<a href="https://twitter.com/wenlin_yang">@wenlin_yang</a>), Guang Gong (<a href="https://twitter.com/oldfresher">@oldfresher</a>), and Hao Chen of Alpha Team, Qihoo 360 Technology Co. Ltd.: CVE-2017-0580, CVE-2017-0577</li> - <li>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of - IceSword Lab, Qihoo 360 Technology Co. Ltd.: CVE-2017-0586</li> <li><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.: CVE-2017-0548</li> <li>Zubin Mithra of Google: CVE-2017-0462</li> @@ -2690,6 +2688,7 @@ belongs. These prefixes map as follows:</p> <ul> <li>April 03, 2017: Bulletin published.</li> <li>April 05, 2017: Bulletin revised to include AOSP links.</li> + <li>April 21, 2017: Attribution for CVE-2016-10231 and CVE-2017-0586 corrected.</li> </ul> </body> diff --git a/en/security/index.html b/en/security/index.html index 8521b8bb..5d62e5d1 100644 --- a/en/security/index.html +++ b/en/security/index.html @@ -158,7 +158,7 @@ Android devices with <a href="https://www.android.com/gms/">Google Mobile Services</a>. While these services are not part of the Android Open Source Project, they are included on many Android devices. For more information on some of these services, see Android Security’s -<a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">2015 +<a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf">2015 Year in Review</a>. </p> <p> diff --git a/en/security/overview/implement.html b/en/security/overview/implement.html index bbe1967c..7233a34d 100644 --- a/en/security/overview/implement.html +++ b/en/security/overview/implement.html 
@@ -56,6 +56,9 @@ automated source code review. Best practices:</p> application code using the Android SDK and correct any identified issues.</li> <li>Native code should be analyzed using an automated tool that can detect memory management issues such as buffer overflows and off-by-one errors.</li> +<li>The Android build system has support for many of the LLVM sanitizers, +such as AddressSanitizer and UndefinedBehaviorSanitizer which can be used +for this purpose.</li> </ul> <h3 id="auto-test">Using automated testing</h3> diff --git a/en/security/overview/updates-resources.html b/en/security/overview/updates-resources.html index c524b5ff..fcf199f5 100644 --- a/en/security/overview/updates-resources.html +++ b/en/security/overview/updates-resources.html 
@@ -275,40 +275,40 @@ href="https://developer.android.com">https://developer.android.com</a></p> <p>Security information exists throughout the Android Open Source and Developer sites. Good places to start:<br> -<a href="https://source.android.com/security/index.html">https://source.android.com/security/index.html</a><br> +<a href="/security/index.html">https://source.android.com/security/index.html</a><br> <a href="https://developer.android.com/training/articles/security-tips.html">https://developer.android.com/training/articles/security-tips.html</a></p> <h3 id=reports>Reports</h3> <p>Sometimes the Android Security team publishes reports or whitepapers. Here are some of the most recent.</p> <ul> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf"> + <li><a href="/security/reports/Google_Android_Security_2016_Report_Final.pdf"> Android Security 2016 Year In Review</a></li> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> + <li><a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> Android Security 2015 Year In Review</a></li> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2014_Report_Final.pdf"> + <li><a href="/security/reports/Google_Android_Security_2014_Report_Final.pdf"> Android Security 2014 Year In Review</a></li> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Android_WhitePaper_Final_02092016.pdf"> + <li><a href="/security/reports/Android_WhitePaper_Final_02092016.pdf"> Android Security white paper</a></li> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"> + <li><a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"> 
Classifications for Potentially Harmful Applications</a></li> </ul> -<h3 id=slides>Android Bootcamp 2016 slides</h3> -<p>The Android Security team has published their Android Bootcamp 2016 slides that cover new security features.</p> +<h3 id=slides>Presentations</h3> +<p>The Android Security team presents at various conferences and talks. Here are some of their slides:</p> <ul> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Android-Bootcamp-2016-Verified-Boot-and-Encryption.pdf"> + <li><a href="/security/reports/Android-Bootcamp-2016-Verified-Boot-and-Encryption.pdf"> Verified boot and encryption</a></li> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Android-Bootcamp-2016-SafetyNet.pdf"> + <li><a href="/security/reports/Android-Bootcamp-2016-SafetyNet.pdf"> SafetyNet</a></li> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Android-Bootcamp-2016-New-App-Lifecycle-for-Encryption.pdf"> + <li><a href="/security/reports/Android-Bootcamp-2016-New-App-Lifecycle-for-Encryption.pdf"> New app life cycle for encryption</a></li> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Android-Bootcamp-2016-Keeping-Google-Play-safe.pdf"> + <li><a href="/security/reports/Android-Bootcamp-2016-Keeping-Google-Play-safe.pdf"> Keeping Google Play safe</a></li> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Android-Bootcamp-2016-Defense-in-depth-efforts.pdf"> + <li><a href="/security/reports/Android-Bootcamp-2016-Defense-in-depth-efforts.pdf"> Defense in depth efforts</a></li> - <li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Android-Bootcamp-2016-Android-Keystore-Attestation.pdf"> + <li><a href="/security/reports/Android-Bootcamp-2016-Android-Keystore-Attestation.pdf"> Keystore attestation</a></li> - 
<li><a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Android-Bootcamp-2016-Android-Attack-Team.pdf"> + <li><a href="/security/reports/Android-Bootcamp-2016-Android-Attack-Team.pdf"> Android attack team</a></li> </ul> |
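Review bot: In en/security/bulletin/2017-04-01.html, the new revisions entry at @@ -2690,6 says only "Attribution for CVE-2016-10231 and CVE-2017-0586 corrected", so a reader of the revision log cannot tell what changed without diffing the acknowledgements list. The hunks at @@ -140,14 and @@ -161,8 move both CVEs to the Seven Shen entry, take CVE-2016-10231 off the Qidan He entry, and delete the Yonggang Guo entry outright. Consider naming the new credit in the revision line, and confirm that removing the Yonggang Guo item entirely (rather than only reassigning the CVE) is intended.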
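Review bot: In en/security/index.html at @@ -158,7, the link is rewritten to a root-relative path but still points readers at the 2015 Year in Review, while the updates-resources.html hunk in this same change lists /security/reports/Google_Android_Security_2016_Report_Final.pdf as the most recent report. If the paragraph is meant to reference the current report, update the target and link text here too. The old href was plain http on a separate host; the new one only resolves when the page is served from the site root, so check that the PDF is actually published at that path before merging.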
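Review bot: In en/security/overview/implement.html at @@ -56,6, the added list item depends on the bullet above it for meaning: "for this purpose" has no referent if the item is read on its own, and the relative clause needs a comma ("UndefinedBehaviorSanitizer, which can be used"). Suggest either folding the sentence into the preceding native-code bullet or stating the purpose directly, for example "to detect memory management issues in native code". A link to the build system's sanitizer documentation would also help, since the item names the tools but not how to enable them.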
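Review bot: In en/security/overview/updates-resources.html at @@ -275,40, the first changed anchor now has href="/security/index.html" while its visible text is still the absolute URL https://source.android.com/security/index.html, so on any host other than source.android.com the displayed address and the actual destination differ. Either keep the absolute href or change the link text to a page title. In the same hunk the heading becomes "Presentations" and the intro no longer mentions Android Bootcamp 2016, but every listed file is still an Android-Bootcamp-2016 deck; keeping the event and year in the intro or item text would tell readers how current the slides are. Keeping id=slides is good for existing deep links.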