A statue for Google's Android Marshmallow operating system sits on the Google campus in Mountain View on August 17, 2015. Credit: Martyn Williams
More holes have been found in Android's multimedia playback software
Google has released 16 patches for Android, including one for a critical remote execution vulnerability in the operating system's mediaserver.
The company's Nexus devices will receive an over-the-air update. Google's partners were notified no later than Feb. 1 of the fixes, giving them more than a month to prepare.
The vulnerabilities in mediaserver could be exploited if malicious content is displayed or played on a device, such as an MMS, email, or if the browser plays some type of media, Google's advisory said.
A string of vulnerabilities has been found in media playback software since last year, most notably the Stagefright bug.
That flaw could have allowed an attacker to compromise a device just by sending a malicious MMS. A successful compromise required an attacker to know only the victim's phone number.
The severity of Stagefright prompted Google to move to a monthly patching schedule to address long-running concerns that Android was not regularly fixed. Mobile devices, particularly those running Android, are a frequent targetfor cyberattacks.
Samsung and LG, both major Android manufacturers, also pledged to improve the speed at which security fixes are applied.
The other patches released by Google include five critical ones, eight rated high severity and two considered moderate.
The source code for the fixes will be published on the Android Open Source Project repository within two days. Updated Nexus firmware images are here.
No comments:
Post a Comment