Android fixes critical vulnerabilities with latest Nexus update

Android developers today released a new update for its Nexus devices; which fixes seven severe vulnerabilities two of them are rated as “critical”.

The update is part of the google’s new security policy which was announced in August, where google will release an update every month with an aim to eliminate all new vulnerabilities in its OS.

The two highly critical vulnerabilities eliminated in this latest Android update are – “Remote Code Execution Vulnerabilities in Mediaserver” and “Remote Code Execution Vulnerability in libutils”.

Four out of five other vulnerabilities fixed are rated as highly severe. The Nexus users are over the moon after the news of this latest update.

Critical Vulnerability details: 

Remote Code Execution Vulnerabilities in Mediaserver – (CVE-2015-6608)

This vulnerability was reported by the Google Chrome security team researchers. Android developers rated this vulnerability ‘critical’ because it allows an hacker to remotely execute code, in other words malware activated by playing a specially crafted media file on a affected phone or tablet.

The vulnerability targets the key part of OS, which has access to permissions that third party apps cannot normally access. It is believed that no Android user is effected by this critical vulnerability because it was discovered by Google family security team researchers before any hacker.

Remote Code Execution Vulnerability in libutils – (CVE-2015-6609) 

This critical vulnerability is effecting version 6.0 and below. The vulnerability was first discovered and reported by the Copperhead Security researcher, “Daniel Micay”. This vulnerability can be used through audio file processing. It could allow an hacker to cause memory corruption and remotely execute code, (code can be a malware).

The core reason behind security team rating this vulnerability critical is because of the possibility of remote code execution in a privileged service.  The affected component has access to audio and video streams as well as access to privileges that third-party apps cannot normally access.

There are other 4 vulnerabilities which the Android security team rated as highly severe – full report. While only one vulnerability severity level is Moderate. The rating of these vulnerability is based on the effects, a device can suffer if an attacker successfully exploits it.

All the Nexus users should not waste any time in updating their devices, since the vulnerabilities are being fixed. Security researchers has applauded the Google’s latest policy of releasing updates like these every month, which fixes flaws in its OS. It will not only makes their users feel secure but will also increases the Nexus market share in long run.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How To Create A Virtual Penetration Testing Lab At Home

In this article, I will demonstrate how to create your own virtual penetration testing lab at home. Creating a pentesting lab is must for...

The Importance of Cyber Security in The Medical Device Industry

Medical devices are a revolutionary aspect of healthcare - they connect doctors and patients, help diagnose and treat diseases. Some - like ECMO machines...

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...