LightBlog

mardi 28 novembre 2017

NVIDIA Shield Tablet Update Patches KRACK and BroadPwn Vulnerabilities

NVIDIA released the original Shield Tablet back 2014, and followed it up with a more powerful model, the Shield Tablet K1, in 2015. It’s not terribly common to see original equipment manufacturers (OEMs) support older devices long past their launch date, but the company continues to buck the trend by regularly upgrading its entire Shield lineup’s software. Most recently, it announced Shield Tablet firmware version 5.3, which includes security patches for KRACK and BroadPwn.

Shield Tablet firmware version 5.3 adds every Android security patches through November 2017. It also fixes connectivity issues with Zagg Bluetooth keyboards, and includes stability improvements and optimizations.

NVIDIA Shield Tablet 5.3 Update Change Log

  • Addresses Wi-Fi vulnerabilities (KRACK and Broadpwn)
  • Fixes connectivity issues with Zagg Bluetooth keyboards
  • Overall system stability and security optimizations
  • Update to Android Security Patch Level November 5, 2017

The last NVIDIA Shield Tablet and Shield Tablet K1 update, which was in May, included April’s security update.

The BroadPwn vulnerability — a flaw in Broadcom’s Wi-Fi code — was patched in Android’s July 2017 security update. Along with a fix for BroadPwn, that month’s patch addressed 138 exploits and vulnerabilities, 18 of which were Remote Code Execution, which allow attackers to execute code remotely.

KRACK was more recent. Security researchers uncovered the exploit in October, which spoofs legitimate access points. If a connection to a vulnerable device is successful, attackers can use a program called sslstrip to manipulate all traffic that isn’t on port 80 to port 10,000. Once that’s done, they’re free to snoop on all of the data that’s being transmitted to and from the aforementioned device.

Needless to say, it’s a good idea to update all of your Shield devices.


Source: NVIDIA



from xda-developers http://ift.tt/2ieFm2q
via IFTTT

Aucun commentaire:

Enregistrer un commentaire