Android fixes critical vulnerabilities with latest Nexus update

Android developers today released a new update for its Nexus devices; which fixes seven severe vulnerabilities two of them are rated as “critical”.

The update is part of the google’s new security policy which was announced in August, where google will release an update every month with an aim to eliminate all new vulnerabilities in its OS.

The two highly critical vulnerabilities eliminated in this latest Android update are – “Remote Code Execution Vulnerabilities in Mediaserver” and “Remote Code Execution Vulnerability in libutils”.

Four out of five other vulnerabilities fixed are rated as highly severe. The Nexus users are over the moon after the news of this latest update.

Critical Vulnerability details: 

Remote Code Execution Vulnerabilities in Mediaserver – (CVE-2015-6608)

This vulnerability was reported by the Google Chrome security team researchers. Android developers rated this vulnerability ‘critical’ because it allows an hacker to remotely execute code, in other words malware activated by playing a specially crafted media file on a affected phone or tablet.

The vulnerability targets the key part of OS, which has access to permissions that third party apps cannot normally access. It is believed that no Android user is effected by this critical vulnerability because it was discovered by Google family security team researchers before any hacker.

Remote Code Execution Vulnerability in libutils – (CVE-2015-6609) 

This critical vulnerability is effecting version 6.0 and below. The vulnerability was first discovered and reported by the Copperhead Security researcher, “Daniel Micay”. This vulnerability can be used through audio file processing. It could allow an hacker to cause memory corruption and remotely execute code, (code can be a malware).

The core reason behind security team rating this vulnerability critical is because of the possibility of remote code execution in a privileged service.  The affected component has access to audio and video streams as well as access to privileges that third-party apps cannot normally access.

There are other 4 vulnerabilities which the Android security team rated as highly severe – full report. While only one vulnerability severity level is Moderate. The rating of these vulnerability is based on the effects, a device can suffer if an attacker successfully exploits it.

All the Nexus users should not waste any time in updating their devices, since the vulnerabilities are being fixed. Security researchers has applauded the Google’s latest policy of releasing updates like these every month, which fixes flaws in its OS. It will not only makes their users feel secure but will also increases the Nexus market share in long run.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...