Android fixes critical vulnerabilities with latest Nexus update

Android developers today released a new update for its Nexus devices; which fixes seven severe vulnerabilities two of them are rated as “critical”.

The update is part of the google’s new security policy which was announced in August, where google will release an update every month with an aim to eliminate all new vulnerabilities in its OS.

The two highly critical vulnerabilities eliminated in this latest Android update are – “Remote Code Execution Vulnerabilities in Mediaserver” and “Remote Code Execution Vulnerability in libutils”.

Four out of five other vulnerabilities fixed are rated as highly severe. The Nexus users are over the moon after the news of this latest update.

Critical Vulnerability details: 

Remote Code Execution Vulnerabilities in Mediaserver – (CVE-2015-6608)

This vulnerability was reported by the Google Chrome security team researchers. Android developers rated this vulnerability ‘critical’ because it allows an hacker to remotely execute code, in other words malware activated by playing a specially crafted media file on a affected phone or tablet.

The vulnerability targets the key part of OS, which has access to permissions that third party apps cannot normally access. It is believed that no Android user is effected by this critical vulnerability because it was discovered by Google family security team researchers before any hacker.



Remote Code Execution Vulnerability in libutils – (CVE-2015-6609) 


This critical vulnerability is effecting version 6.0 and below. The vulnerability was first discovered and reported by the Copperhead Security researcher, “Daniel Micay”. This vulnerability can be used through audio file processing. It could allow an hacker to cause memory corruption and remotely execute code, (code can be a malware).

The core reason behind security team rating this vulnerability critical is because of the possibility of remote code execution in a privileged service.  The affected component has access to audio and video streams as well as access to privileges that third-party apps cannot normally access.

There are other 4 vulnerabilities which the Android security team rated as highly severe – full report. While only one vulnerability severity level is Moderate. The rating of these vulnerability is based on the effects, a device can suffer if an attacker successfully exploits it.

All the Nexus users should not waste any time in updating their devices, since the vulnerabilities are being fixed. Security researchers has applauded the Google’s latest policy of releasing updates like these every month, which fixes flaws in its OS. It will not only makes their users feel secure but will also increases the Nexus market share in long run.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 10 things to Do After Installing Kali Linux

Kali Linux is considered to be one of the best hacking distribution of this era, it is developed by Offensive Security to give an...

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...