Hello, welcome to the Monday, August 15, 2016 edition of the San San Bernard Storm Center's Stormcast.

My name is Johannes Ulrich, and today I am recording from Stockholm, Germany.

Google released a statement regarding the quad-ruder vulnerability that was announced by Checkpoint about two weeks ago.

It's really a set of four distinct

pervage escalation vulnerabilities for Android phones that use Qualcomm chipsets. According

to Google the exploitability for this particular vulnerability is somewhat lessened

because the victim has to install an application

so it's not like the stage fright vulnerability where just for example downloading an

image in an ms.s message or so would trigger the vulnerability in addition whenever

you do download an application it it goes through the Verify Apps feature

if you're running Android 4.2 and later.

And in this case, the Verify apps would detect the exploit and would block the application,

not giving the user the option to bypass the warning.

Verify apps has sort of two levels of detection.

At the lower level, it just suggests that the application may harm the system or may harm the phone

and it will still allow the user to overwrite the warning,

but in this case the more strict warning would be triggered, which cannot be bypassed.

And this is a default setting, so the user would have to specifically disable verify apps.

In addition, Google notes that three out of the four vulnerabilities are already addressed

in the most recent version of Android, the remaining fourth vulnerability should be addressed

in an update that will be released shortly.

So in short, Google probably rightfully so does object somewhat to the hype that the checkpoint

...