These patched flaws are effecting Android KitKat 4.4.4, Android Lollipop 5.1 and Android 6.0 versions. Two critical remote execution vulnerabilities in media server could allow an attacker to cause memory corruption and remote code execution as the media server process.
The patched bugs are reported on January 4th this year. Blackberry was the only vendor who released an update for its PRIV handsets, within few hours of Google’s OTA update for Nexus users. Samsung users will have to wait for a week or two before they update their Android handsets.
The critical flaws which are fixed in Nexus devices are:
- Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver
- Remote Code Execution Vulnerability in Mediaserver
- Elevation of Privilege Vulnerability in Qualcomm Performance Module
- Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
- Elevation of Privilege Vulnerability in the Debugger Daemon