- Siemens Mitigation Plan for Simatic App
- Chemicals Leak at DE Refinery
- Microsoft Engineer Charged with Money Laundering
- Schneider Software Plan for InduSoft, InTouch Hole
- Schneider Updates its Triconex Tricon
- Rockwell Plan on Stratix Services Router Fix
- Rockwell Updates Stratix, ArmorStratix Switches
- Rockwell Mitigation Plan for Ethernet Switch
Chemical Safety Incidents
Android Mediaserver Hole Patched
Monday, January 11, 2016 @ 04:01 PM gHale
Google fixed 12 bugs, five of which were critical, in Android.
Ever since Google started offering monthly security updates for Android, the company has been patching a Remote Code Execution (RCE) critical bug in its Mediaserver component every month.
RELATED STORIES
Android Malware Blocks Security
Trojan Gains Root Access, Hacks Androids
New Tools for Espionage Group
Down, but not Out: Blackhole Returns
The parade started in September (CVE-2015-3864), October (15 bugs in libstagefright, part of Mediaserver), November (CVE-2015-6608), December (CVE-2015-6616), and now January (CVE-2015-6636).
This most recent issue affects devices running Android 5.0 or higher, and Google said “the affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.”
This means, just like Stagefright, an attacker can craft a malicious image, audio, or video file, and send it via an MMS or stream via the user’s browser.
When this happens, exploiting a memory corruption bug, attackers can execute remote code on the device. Based on their skills in working with loopholes in Android’s system, they could take control of targeted devices.
Google’s own security researchers discovered this flaw, and the company said it had not seen any attacks exploiting this new Mediaserver vulnerability.
Leave a Reply
You must be logged in to post a comment.