Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Monthly Android Security Update Patches More Stagefright Vulnerabilities

Monthly Android Security Update Patches More Stagefright Vulnerabilities


After the discovery of several critical security flaws in the mobile operating system, Google continues to send out patches to address the vulnerabilities. The patch includes a fix for another flaw in the Stagefright media playback engine - one in libutils where the Stagefright 2.0 vulnerabilities were found, and two in Android Mediaserver where all the vulnerable code runs. The over-the-air update was released today to Google’s Nexus devices and will be added to the Android Open Source Project (AOSP) repository in the next two days; Google partners including Samsung were provided the patches. Google rated one of the Mediaserver vulnerabilities, CVE-2015-6608, as critical, as it did the libutils flaw, CVE-2015-6609; both allow for remote code execution if exploited.  Mediaserver is a core part of the Android OS and a number of applications that accept remote contact interact with it, pointing to MMS messaging and media playback via the browser as two examples.
 
Source:
 
Threatpost
 
IT Security News
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis