alt=
203x44-linked-in
News ▶ Android
Google patches Nexus devices

More Mediaserver fixes

The troubled Mediaserver issues are rumbling on. Google just released a batch of patches which contain fixes to further vulnerabilities found, plus WiFi and kernel remote code execution problems. Builds LMY49G and later contain the patches and you can check if your device is affected here.

5 critical, 4 high and 1 moderate

Two of the critical fixes, CVE-2016-0801 and CVE-2016-0802 are to counter attacks against the Broadcom WiFi driver. This requires the attacker and victim to be on the same network, but is classed as critical because it doesn't need the users involvement at all.

No reports in the wild

Google reported they have had found no instances of active customer exploitation from these issues.

The mediaserver patch is once again to guard against a specially formatted file which must be passed into the users system before it can attack, and since there are many ways it can get in, such as MMS, website downloads or email attachments, it too is classed as critical.

Another fix contained in this release is CVE-2016-0808, which could have the nasty effect of forcing the device to continually reboot.

The full details are here.