Another month and Another Android security update. Google is continuously curious about its users security, and with that team deal with the latest discovered Vulnerabilities.
This time there are lots of patch listed on Android Security Bulletin including some critical one with RCE.
On this New year Google patched 10 vulnerabilities marked critical, 28 marked as high severity, and 12 marked as moderate severity in total. Among these Mediaserver Vulnerability is most critical one.
Google notes that the most severe of the patched issues is a Critical vulnerability that could enable remote code execution on an affected device. This remote execution could be initiated through multiple methods such as email, web browsing, and MMS when processing media files.
Among the other critical vulnerabilities patched by Google is an elevation of privilege vulnerability (CVE-2016-8424) identified in NVIDIA’s GPU driver as well as in Qualcomm’s bootloader (CVE-2016-8422). Additional critical elevation of privileges vulnerabilities were identified within several Qualcomm components such as cameras (CVE-2016-8412) used in Android Snapdragon phones made by LG and Samsung. Like Mediaserver, Qualcomm’s components have also been aggressively patched by Google with the most notable flaw, QuadRooter, having been identified in August 2016.
This time there are lots of patch listed on Android Security Bulletin including some critical one with RCE.
Google notes that the most severe of the patched issues is a Critical vulnerability that could enable remote code execution on an affected device. This remote execution could be initiated through multiple methods such as email, web browsing, and MMS when processing media files.
Good news is that there is no active exploitation for these Vulnerabilities.
Users of Nexus devices is already getting these security updates and other vendors Samsung and LG users can also check for the OTA updates.