A vulnerability affecting Nexus 5 Android devices was patched by Google yesterday as part of regularly scheduled monthly Android patch updates, according to the Threatpost blog.
The public exploit – a rooting application – was first revealed to Google by Zimperium researchers two weeks ago.
“It allows for consistent elevation of privilege, so anyone with malicious intentions with code execution already on a device and wants higher code execution, could use it to get access to the microphone or camera, or read email, anything like that,” Zimperium founder and CTO Zuk Avraham told Threatpost.
This month's bulletin fixes seven remote code execution bugs and memory corruption issues in Android components Mediaserver and libstagefright.
In total, 15 bugs rated critical by Google were addressed in eight Android components, including Mediaserver and libstagefright.Three critical flaws in DHCPCD which could allow remote code execution in the context of the DHCP client were also updated.