Google patches two critical vulnerabilities in Nexus devices
Google has patched two vulnerabilities in Nexus devices that could enable remote code execution and more.
The more severe of the two, CVE-2015-6608, could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files, Google wrote on its security page. The second “Critical” flaw, CVE-2015-6609, could allow an attacker to cause memory corruption and remote code execution during the processing of a specially crafted file.
The update also included four “High” and one “Moderate” patch for bugs in the Mediaserver, Bluetooth, libmedia and Telephony features that would allow an attacker to disclose information or have an elevation of privilege.
The source code for the patches will be released to the Android Open Source Project.