Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Google releases patches for new Stagefright discovery

Google issued an over-the-air security update for its Nexus devices on Tuesday, which included fixes for the recently discovered vulnerabilities in Android's Stagefright code.

The source code for its patches will also be released to the Android Open Source Project, Google wrote on its security page. The group deemed the Stagefright vulnerabilities the most critical, as they could allow for remote code execution on an affected device through multiple methods, including email, web browsing and MMS when processing media files.

Beyond the Stagefright bugs, other patched vulnerabilities included some in libutils, a generic library, and pertain to audio file processing. These flaws could allow an attacker, during processing of a specially crafted file, to cause memory corruption and remote code execution in a service that uses this library as a mediaserver. This is considered a critical vulnerability.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.