Google released a new security update for Android, aiming to eliminate seven liabilities. Two of those vulnerabilities are deemed critical.
The tech giant wants to update Android data safety on a monthly basis, and the patches are part of this strategy. That is why the Android Security Bulletin Monthly Release recently launched an OTA security update.
Nexus devices that run Android 5.1 (Lollipop) and 6.0 (Marshmallow) are only the initial targets benefitting from the patches. The fixes are set to hit the Android Open Source Project (AOSP) on Wednesday, Nov. 4, for owners of other Androd handsets.
The two main vulnerabilities fixed by the patch are identified as CVE-2015-6608 and CVE-2015-6609. The first is a mediaserver component, while the second is a libutils one. What makes them very dangerous is that both of them can be remotely activated via media files that are crafted with malicious intent.
MMS messages and playing certain media in the Internet browser from the phone can help hackers take advantage of the vulnerabilities.
The monthly security releases began after a safety weak spot in a library called Stagefright caused panic among handset and software makers alike. Samsung, LG and Google teamed up to keep such threats at bay and decided to release security updates more often.
Media processing components seem to be a favorite target for hackers, or at least a point of entry for malicious software. The recent update for Android identified another three high severity flaws in the libstagefright, libmedia and mediaserver components. The last two security liabilities are in the Telephony and Bluetooth components.
Even if not all the safety flaws qualify for "critical" severity assessment, mild nuisances can lead to unpleasant experiences as well. An escalation-of-privilege vulnerability, for instance, grants a hacker access to phone numbers and can lead to data spoofing.
According to Google, the degree of danger presented in the description of the flaw ignores the existing filters, which can make the exploits difficult to accomplish. SafetyNet services and Verify Apps are two examples of walls that any malevolent software needs to breach before actually harming the handset user.
The search engine company points out that the latest Android versions have embedded anti-exploitation systems, so owners of Android smartphones will be safe as long as they update regularly.