Google Patches Critical Android Mediaserver Vulnerability





"Google has patched another critical Android vulnerability in Mediaserver, which has been maligned since this summer’s barrage of patches for the Stagefright vulnerability, along with a critical rooting vulnerability in the mobile operating system’s kernel.


In all, 19 vulnerabilities were patched in Monday’s monthly over-the-air security update for Google Nexus mobile devices, five rated critical, 12 rated high, and two rated moderate. The issues were resolved in Nexus firmware Builds LMY48Z and later, and Android Marshmallow. Google said that source code patches will be available within the Android Open Source Project repository within 48 hours.


The Mediaserver flaw, CVE-2015-6616, is the most serious, Google said, adding that four of the critical bugs can be exploited remotely.


“During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process,” Google said in its security bulletin. Mediaserver is a core component of the Android OS and it interacts with a number of applications that can be used to exploit the bug, including MMS and browser media playback features, Google said.


In November, Google patched another batch of Stagefright vulnerabilities living in Mediaserver; a separate critical vulnerability was also patched in the service. Yesterday’s update also included a patch for privilege elevation and information disclosure bugs in Stagefright that Google rated high severity. The privilege elevation bug could enable an attacker to gain Signature or SignatureOrSystem permissions that are accessible only locally, and not by third-party applications, while the information disclosure bug that happens during communication with Mediaserver and bypasses security measures in place, Google said."


The rest of the details are here: https://threatpost.com/google-patches-critical-android-mediaserver-vulnerability/115590/#sthash.gZ2GRH14.dpuf
