Google has released the latest security update for the Android Open Source Project. It will be coming to the Nexus handsets soon and is already available for the BlackBerry PRIV. The new update supposedly fixes 19 security issues, seven of which were critical. Critical issues are those that rank highest on the severity scale and have the most damaging effects. There are also two severe bugs that Google's developers have not yet rectified. The two bugs, CVE-2016-0815 and CVE-2016-0816, have not yet been resolved and have been lingering since the two Stagefright bugs of September 2015.
Both of these bugs affect the Mediaserver component in Android and are really dangerous. The word dangerous has to be taken seriously here, as Google’s engineers have specified a list of possible problems that these bugs can cause. As mentioned above, the Mediaserver component has access to audio and video files on the phone. It also has special privileges that even third-party apps don’t have. Mediaserver continuously scans for media files, and corrupted files can cause it to consume excess battery in some cases.
According to some of the engineers from Google, an attacker can gain access to the victim’s phone just by sending an MMS or video clip, or by tricking the user into opening a webpage that contains a malicious image, video or audio file. Here are a couple of the issues that were fixed in the update. For a complete list, check out this link.
- Remote Code Execution Vulnerability in Mediaserver, which had a critical status, was fixed.
- Elevation of Privilege in Conscrypt, which had a critical status, was fixed.