Google Patches 6 Critical Security Vulnerabilities in Android

Technology giant Google released new security patches Monday to address some critical bugs in the Android operating system, including one that could allow an attacker to achieve remote code execution through a variety of methods such as email, Web browsing, and instant messages.

The patch is being made available to Nexus devices via an over-the-air update. Android users can also update their devices directly from the Android Web site, while OEMs will have the option of directing users to the site or pushing their own over-the-air updates to users.

The security update, part of Google's normally scheduled monthly security patch releases, addresses a broad array of Android vulnerabilities. The most critical are the six vulnerabilities that relate to the operating system's Mediaserver.

Remote Code Execution Vulnerabilities

The vulnerability in the Mediaserver component could allow an attacker to cause memory corruption when media files and data are being processed, allowing the attacker to execute code remotely, according to Google.

In addition to the patch for the Mediaserver component, Google also released fixes for critical vulnerabilities in Android's GIFLIB library that could also allow remote code execution during a Mediaserver process, and an elevation of privilege vulnerability in the MediaTek touchscreen driver.

Other components of the operating system, such as the Qualcomm bootloader, the kernel sound subsystem, the Motorola bootloader, Nvidia video driver, Qualcomm power driver, and kernel trace subsystem, also contain critical vulnerabilities that could permanently compromise an Android device. However, those vulnerabilities are not as severe as the Mediaserver bug.

Although the potential for the abuse of these vulnerabilities is high, Google said that it has not received any reports of active exploits for them. Still, the company recommended that all users accept the update on their devices.

Timeline for Security Support

Google also updated users on the service lifetimes for its Pixel...
