1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Google patches critical media processing flaws in Android

Discussion in 'Network World' started by RSS, Nov 2, 2015.

  1. RSS

    RSS New Member Member

    New security patches for Google's Nexus devices address seven vulnerabilities, two of which are critical and could allow for remote code execution when handling media files.

    The updates, released on Monday, are part of Google's recently introduced monthly patch cycle and are available for Nexus devices running both Android 5.1 (Lollipop) and 6.0 (Marshmallow). The source code for the fixes will also be added to the Android Open Source Project (AOSP) over the next 48 hours.

    The most serious flaws patched in this release are tracked as CVE-2015-6608 and CVE-2015-6609, and are located in the mediaserver and libutils components of Android, respectively. Both vulnerabilities can be exploited remotely through specially crafted media files.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page