Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Google patches two critical vulnerabilities in Nexus devices

Google issued an over-the-air security update for its Nexus devices on Nov. 2, which included patches for two “Critical” bugs as well as more fixes for vulnerabilities in Android's Stagefright code.

The more severe of the two, CVE-2015-6608, could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files, Google wrote on its security page. The second “Critical” flaw, CVE-2015-6609, could allow an attacker to cause memory corruption and remote code execution during the processing of a specially crafted file.

The update also included four “High” and one “Moderate” patch for bugs in the Mediaserver, Bluetooth, libmedia and Telephony features that would allow an attacker to disclose information or have an elevation of privilege.

The source code for the patches will be released to the Android Open Source Project.

Related

Security concerns curb open source utilization

Open source software utilization has been scaled back by nearly 40% of industry professionals due to security concerns, with more than 50% reducing open source usage following the emergence of the widespread Log4j vulnerability, The Register reports.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.