Jump to content

Google Patches Critical Android Mediaserver Vulnerability


Recommended Posts



"Google has patched another critical Android vulnerability in Mediaserver, which has been maligned since this summer’s barrage of patches for the Stagefright vulnerability, along with a critical rooting vulnerability in the mobile operating system’s kernel.


In all, 19 vulnerabilities were patched in Monday’s monthly over-the-air security update for Google Nexus mobile devices, five rated critical, 12 rated high, and two rated moderate. The issues were resolved in Nexus firmware Builds LMY48Z and later, and Android Marshmallow. Google said that source code patches will be available within the Android Open Source Project repository within 48 hours.


The Mediaserver flaw, CVE-2015-6616, is the most serious, Google said, adding that four of the critical bugs can be exploited remotely.


“During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process,” Google said in its security bulletin. Mediaserver is a core component of the Android OS and it interacts with a number of applications that can be used to exploit the bug, including MMS and browser media playback features, Google said.


In November, Google patched another batch of Stagefright vulnerabilities living in Mediaserver; a separate critical vulnerability was also patched in the service. Yesterday’s update also included a patch for privilege elevation and information disclosure bugs in Stagefright that Google rated high severity. The privilege elevation bug could enable an attacker to gain Signature or SignatureOrSystem permissions that are accessible only locally, and not by third-party applications, while the information disclosure bug that happens during communication with Mediaserver and bypasses security measures in place, Google said."


The rest of the details are here: https://threatpost.com/google-patches-critical-android-mediaserver-vulnerability/115590/#sthash.gZ2GRH14.dpuf - See more at: https://threatpost.com/google-patches-critical-android-mediaserver-vulnerability/115590/#sthash.gZ2GRH14.dpuf

http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998

When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius


“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

RVers Online University


RV Destinations

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo

  • Create New...