Security News > 2016 > March > Google plugs 19 holes in newest Android security update (Help Net Security)

Google plugs 19 holes in newest Android security update (Help Net Security)
2016-03-08 19:29

In the March 2016 security update for the Android Open Source Project (AOSP), Google has fixed 19 security issues, seven of which are considered to be critical. Among these, and admittedly the most important to patch, are two remote code execution vulnerabilities in – yes, you’ve guessed it – Mediaserver. Mediaserver is a service in Android that allows the device to index media files that are located on it. The vulnerabilities in question (CVE-2016-0815, CVE-2016-0816) … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/72kBMP4SO9w/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2016-03-12 CVE-2016-0815 Improper Input Validation vulnerability in Google Android
The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349.
network
low complexity
google CWE-20
critical
 9.8
9.8
2016-03-12 CVE-2016-0816 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803.
network
low complexity
google CWE-119
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 257 4345 4742 748 10092