Google patches five critical Android issues

Google's January security bulletin contained 12 issues.
Google's January security bulletin contained 12 issues.

Google yesterday issued 12 patches for its Nexus-branded devices with five being considered critical by the company.

Google reported the most serious vulnerability (CVE-2015-6636) centers on the Mediaserver for Android versions 5.0, 5.1.1, 6.0, 6.0.1, which is open to a remote code execution through several different avenues including, email, web browsing and MMS when processing media files, the company wrote in its monthly security bulleting.

“We have had no reports of active customer exploitation of these newly reported issues,” Google said, adding the fixes were issued through an over-the-air patch that the company recommends its customers install.

Other phone manufactures will be issuing updates for their devices through the Google Open Source Project over the next 48 hours.

The other critical issues are:

  • Elevation of Privilege Vulnerability in misc-sd driver (CVE-2015-6637)
  • Elevation of Privilege Vulnerability in the Imagination Technologies driver (CVE-2015-6638)
  • Elevation of Privilege Vulnerabilities in Trustzone  (CVE-2015-6639)
  • Elevation of Privilege Vulnerability in Kernel (CVE-2015-6640)

Two of the remaining patches are rated “high” and five “moderate.”

The Google's internal team was responsible for tracking down the majority of the problems covered.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS