Security News > 2016 > March > Google plugs 19 holes in newest Android security update (Help Net Security)
2016-03-08 19:29
In the March 2016 security update for the Android Open Source Project (AOSP), Google has fixed 19 security issues, seven of which are considered to be critical. Among these, and admittedly the most important to patch, are two remote code execution vulnerabilities in – yes, you’ve guessed it – Mediaserver. Mediaserver is a service in Android that allows the device to index media files that are located on it. The vulnerabilities in question (CVE-2016-0815, CVE-2016-0816) … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/72kBMP4SO9w/
Related news
- Malicious Android Apps Pose as Google, Instagram, WhatsApp, to Steal Credentials (source)
- Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android (source)
- Google Launches AI-Powered Theft and Data Protection Features for Android Devices (source)
- Android 15, Google Play get new anti-malware and anti-fraud features (source)
- Android 15, Google Play Protect get new anti-malware and anti-fraud features (source)
- Google takes shots at Microsoft for shoddy security record with enterprise apps (source)
- Over 90 malicious Android apps with 5.5M installs found on Google Play (source)
- Google patches exploited Android zero-day on Pixel devices (source)
- Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day (source)
- How to create your cybersecurity “Google Maps”: A step-by-step guide for security teams (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-12 | CVE-2016-0815 | Improper Input Validation vulnerability in Google Android The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. | 10.0 |
| 2016-03-12 | CVE-2016-0816 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1 mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. | 10.0 |