Google fixes four critical vulnerabilities in latest Android update

Google has released it’s latest Android update for its Nexus
family, which eliminated around 16 vulnerabilities in Android OS. The update is
part of the google’s security policy in which company will release a security
update every month to make its Nexus devices more secure.

There are some highly critical vulnerabilities fixed in this
latest monthly update, one of the critical flaw could lead to permanent device
compromise. Which can only be fixed by reflashing the entire OS. Apart from fixing
this critical vulnerability , latest update eliminated three other highly
critical vulnerabilities according to an official
announcement on google groups.

Google started this monthly security patch update program
back in August and the company has received pretty warm feedback from its Nexus
users. This is the fifth security patch and so far more than 15 critical
vulnerabilities has been fixed in Nexus devices since the start of August.
Here is the list of highly critical vulnerabilities fixed by
Google in this latest update:

  Remote Code Execution Vulnerability in
Mediaserver – (CVE-2015-6616)
This vulnerability can allow an attacker to cause memory
corruption and remote code execution as the mediaserver process.

 Remote Code Execution Vulnerability in Skia – (CVE-2015-6617)

A vulnerability in the Skia component may be leveraged when
processing a specially crafted media file, that could lead to memory corruption
and remote code execution in a privileged process. 
 Elevation of Privilege in Kernel – (CVE-2015-6619)

An elevation of privilege vulnerability in the system kernel
could enable a local malicious application to execute arbitrary code within the
device root context.

 Remote Code Execution Vulnerabilities in Display
Driver – (CVE-2015-6633,CVE-2015-6634)

There are vulnerabilities in the display drivers that, when
processing a media file, could cause memory corruption and potential arbitrary
code execution in the context of the user mode driver loaded by mediaserver.

There are other 10 vulnerabilities which the security team
rated as highly seavere and only two are rated as Moderate. The updates are
currently only available for Nexus users, but other Android users (Samsung,LG,Black
Berry) will receive the updates in few days. 
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...

LOOKING FOR HACKING RECIPES FORM THE PRO?

Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.