
Google Patches Critical Android Mediaserver Vulnerability


RV_


Excerpt:

 

"Google has patched another critical Android vulnerability in Mediaserver, which has been maligned since this summer’s barrage of patches for the Stagefright vulnerability, along with a critical rooting vulnerability in the mobile operating system’s kernel.

 

In all, 19 vulnerabilities were patched in Monday’s monthly over-the-air security update for Google Nexus mobile devices, five rated critical, 12 rated high, and two rated moderate. The issues were resolved in Nexus firmware Builds LMY48Z and later, and Android Marshmallow. Google said that source code patches will be available within the Android Open Source Project repository within 48 hours.

 

The Mediaserver flaw, CVE-2015-6616, is the most serious, Google said, adding that four of the critical bugs can be exploited remotely.

 

“During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process,” Google said in its security bulletin. Mediaserver is a core component of the Android OS and it interacts with a number of applications that can be used to exploit the bug, including MMS and browser media playback features, Google said.

 

In November, Google patched another batch of Stagefright vulnerabilities living in Mediaserver; a separate critical vulnerability was also patched in the service. Yesterday’s update also included a patch for privilege elevation and information disclosure bugs in Stagefright that Google rated high severity. The privilege elevation bug could enable an attacker to gain Signature or SignatureOrSystem permissions that are accessible only locally, and not by third-party applications, while the information disclosure bug happens during communication with Mediaserver and bypasses security measures in place, Google said."

 

The rest of the details are here: https://threatpost.com/google-patches-critical-android-mediaserver-vulnerability/115590/#sthash.gZ2GRH14.dpuf

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire
