Google issued an over-the-air security update for its Nexus devices on Tuesday, which included fixes for the recently discovered vulnerabilities in Android’s Stagefright code.
The source code for its patches will also be released to the Android Open Source Project, Google wrote on its security page. The group deemed the Stagefright vulnerabilities the most critical, as they could allow for remote code execution on an affected device through multiple methods, including email, web browsing and MMS when processing media files.
Beyond the Stagefright bugs, other patched vulnerabilities included some in libutils, a generic library, and pertain to audio file processing. These flaws could allow an attacker, during processing of a specially crafted file, to cause memory corruption and remote code execution in a service that uses this library as a mediaserver. This is considered a critical vulnerability.