Google patches two critical vulnerabilities in Nexus devices

Google has patched two vulnerabilities in Nexus devices that could enable remote code execution and more.
Google has patched two vulnerabilities in Nexus devices that could enable remote code execution and more.

Google issued an over-the-air security update for its Nexus devices on Nov. 2, which included patches for two “Critical” bugs as well as more fixes for vulnerabilities in Android's Stagefright code.

The more severe of the two, CVE-2015-6608, could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files, Google wrote on its security page. The second “Critical” flaw, CVE-2015-6609, could allow an attacker to cause memory corruption and remote code execution during the processing of a specially crafted file.

The update also included four “High” and one “Moderate” patch for bugs in the Mediaserver, Bluetooth, libmedia and Telephony features that would allow an attacker to disclose information or have an elevation of privilege.

The source code for the patches will be released to the Android Open Source Project.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS