After the discovery of several critical security flaws in the mobile operating system, Google continues to send out patches to address the vulnerabilities. The patch includes a fix for another flaw in the Stagefright media playback engine - one in libutils where the Stagefright 2.0 vulnerabilities were found, and two in Android Mediaserver where all the vulnerable code runs. The over-the-air update was released today to Google’s Nexus devices and will be added to the Android Open Source Project (AOSP) repository in the next two days; Google partners including Samsung were provided the patches. Google rated one of the Mediaserver vulnerabilities, CVE-2015-6608, as critical, as it did the libutils flaw, CVE-2015-6609; both allow for remote code execution if exploited. Mediaserver is a core part of the Android OS and a number of applications that accept remote contact interact with it, pointing to MMS messaging and media playback via the browser as two examples.
Source:
Threatpost
IT Security News
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis