Security News > 2016 > March > Google plugs 19 holes in newest Android security update (Help Net Security)
2016-03-08 19:29
In the March 2016 security update for the Android Open Source Project (AOSP), Google has fixed 19 security issues, seven of which are considered to be critical. Among these, and admittedly the most important to patch, are two remote code execution vulnerabilities in – yes, you’ve guessed it – Mediaserver. Mediaserver is a service in Android that allows the device to index media files that are located on it. The vulnerabilities in question (CVE-2016-0815, CVE-2016-0816) … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/72kBMP4SO9w/
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data? (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-12 | CVE-2016-0815 | Improper Input Validation vulnerability in Google Android The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. | 9.8 |
| 2016-03-12 | CVE-2016-0816 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1 mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. | 9.8 |