Nexus 5X and Nexus 6 Critical Security Risks Patched by Google
Google recently addressed several security risks in the Android OS that could have compromised the security of users' data. For example, one of the vulnerabilities would have allowed someone to remotely gain code execution privileges through web browsing, email or instant messages.
The update will be available to Nexus device users, and Android users can update their devices from Android's website. OEMs will either direct users to a website where they can update or provide them with an over-the-air update.
This update came as part of Google's monthly security update releases and addressed a rather broad spectrum of issues in Android. Notably, six of the vulnerabilities risked compromising the OS's Mediaserver.
Potential for remote code execution
One of the Mediaserver vulnerabilities addressed in this update could, if left unpatched, have allowed an attacker to corrupt memory while data and files were being processed. That memory corruption would in turn permit the attacker to initiate remote code execution. The GIFLIB library also received attention in this update, with a fix for a vulnerability that could likewise permit code execution during processing done via Mediaserver. An issue with the touchscreen driver has also been resolved.
Problems have also been fixed in several of the OS's subsystems, such as the Motorola bootloader, the video driver, the kernel sound subsystem, and a few others. All of these had several vulnerabilities that an attacker could have exploited.
There haven't been any reports of attackers exploiting these vulnerabilities against users, so it is nice to see that Google has taken the initiative early with this fix. According to Google, the chance of an attacker exploiting these vulnerabilities was pretty high.