After the discovery of several critical security flaws in the mobile operating system, Google continues to send out patches to address the vulnerabilities. The patch includes a fix for another flaw in the Stagefright media playback engine - one in libutils where the Stagefright 2.0 vulnerabilities were found, and two in Android Mediaserver where all the vulnerable code runs. The over-the-air update was released today to Google’s Nexus devices and will be added to the Android Open Source Project (AOSP) repository in the next two days; Google partners including Samsung were provided the patches. Google rated one of the Mediaserver vulnerabilities, CVE-2015-6608, as critical, as it did the libutils flaw, CVE-2015-6609; both allow for remote code execution if exploited. Mediaserver is a core part of the Android OS and a number of applications that accept remote contact interact with it, pointing to MMS messaging and media playback via the browser as two examples.
IT Security News
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street