Google Patches Another High-Severity Android Bug

Android users have yet another high-severity vulnerability to watch out for in the mediaserver components of their devices. Google has now published a patch for the vulnerability, which was discovered in June by researchers at the IT security firm Trend Micro.

Over the past several weeks, the mediaserver in the Android mobile operating system has been found to contain several serious flaws that could open devices to a variety of attacks. The most severe of these, linked to the Stagefright media library, exposed as many as 950 million Android device owners to potential security failures.

The spate of vulnerability discoveries has prompted Google and many Android device manufacturers to begin providing more frequent and regular security updates.

The latest vulnerability, designated as CVE-2015-3842, involves the AudioEffect component of the Android mediaserver program. It can be exploited by attackers who convince users to install apps that don't require any special permissions, after which the attackers could run their own code on the affected devices.

'No Known Active Attacks'

The AudioEffect flaw affects Android versions 2.3 through 5.1.1, according to Trend Micro. "Currently, there are no known active attacks against this vulnerability," the company added.

"This attack can be fully controlled, which means a malicious app can decide when to start the attack and also when to stop," Trend Micro mobile threat response engineer Wish Wu noted in a blog post published yesterday. "An attacker would be able to run their code with the same permissions that mediaserver already has as part of its normal routines."

In addition to downloading mobile security software to protect against such vulnerabilities, Android users can try rebooting their devices in safe mode and uninstalling the malicious apps if they believe they have been affected, Wu added.

Google's Android Security Team was informed of the problem on June 19 and...
