Google fixes four critical vulnerabilities in latest Android update
Google has released it's latest Android update for its Nexus family, which eliminated around 16 vulnerabilities in Android OS. The update is part of the google's security policy in which company will release a security update every month to make its Nexus devices more secure.
There are some highly critical vulnerabilities fixed in this latest monthly update, one of the critical flaw could lead to permanent device compromise. Which can only be fixed by reflashing the entire OS. Apart from fixing this critical vulnerability , latest update eliminated three other highly critical vulnerabilities according to an official announcement on google groups.
Google started this monthly security patch update program back in August and the company has received pretty warm feedback from its Nexus users. This is the fifth security patch and so far more than 15 critical vulnerabilities has been fixed in Nexus devices since the start of August.
Here is the list of highly critical vulnerabilities fixed by Google in this latest update:
Remote Code Execution Vulnerability in Mediaserver – (CVE-2015-6616)
This vulnerability can allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
Remote Code Execution Vulnerability in Skia – (CVE-2015-6617)
A vulnerability in the Skia component may be leveraged when processing a specially crafted media file, that could lead to memory corruption and remote code execution in a privileged process.
Elevation of Privilege in Kernel – (CVE-2015-6619)
An elevation of privilege vulnerability in the system kernel could enable a local malicious application to execute arbitrary code within the device root context.
Remote Code Execution Vulnerabilities in Display Driver – (CVE-2015-6633,CVE-2015-6634)
There are vulnerabilities in the display drivers that, when processing a media file, could cause memory corruption and potential arbitrary code execution in the context of the user mode driver loaded by mediaserver.
There are other 10 vulnerabilities which the security team rated as highly seavere and only two are rated as Moderate. The updates are currently only available for Nexus users, but other Android users (Samsung,LG,Black Berry) will receive the updates in few days.
