Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Google patches two critical vulnerabilities in Nexus devices

Google issued an over-the-air security update for its Nexus devices on Nov. 2, which included patches for two “Critical” bugs as well as more fixes for vulnerabilities in Android's Stagefright code.

The more severe of the two, CVE-2015-6608, could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files, Google wrote on its security page. The second “Critical” flaw, CVE-2015-6609, could allow an attacker to cause memory corruption and remote code execution during the processing of a specially crafted file.

The update also included four “High” and one “Moderate” patch for bugs in the Mediaserver, Bluetooth, libmedia and Telephony features that would allow an attacker to disclose information or have an elevation of privilege.

The source code for the patches will be released to the Android Open Source Project.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.