As promised Google has released first ever android monthly security updates for nexus devices. Over-the-air (OTA updates) has begun rolling out to nexus devices. Google has also updated it factory images for it’s line of Nexus devices.

Android Open Source Project (AOSP) repository will be updated with these updates in next two days. Now it will be interesting to see which smartphone manufacturer live upto the expectations of its user and release these updates to their devices.
android monthly security update

 

Security Bulletin : Android Monthly Security Update & Patches.

According to Google Seven vulnerabilities are fixed via November security bulletin. Out of seven, two vulnerabilities related to mediaserver CVE-2015-6608 & libutils CVE-2015-6609 are rated as critical. These vulnerabilities can be exploited with remore code execution through email, web browsing and MMS when processing media files.

No public details about these two issue is available, both vulnerabilities were discovered by security teams of Google & Copperhead Security.

 

Also read: what is Android Stagefright Vulnerability and how to protect your devices.

 

Issue

CVE

Severity

Remote Code Execution Vulnerabilities in Mediaserver

CVE-2015-6608

Critical

Remote Code Execution Vulnerability in libutils

CVE-2015-6609

Critical

Information Disclosure Vulnerabilities in Mediaserver

CVE-2015-6611

High

Elevation of Privilege Vulnerability in libstagefright

CVE-2015-6610

High

Elevation of Privilege Vulnerability in libmedia

CVE-2015-6612

High

Elevation of Privilege Vulnerability in Bluetooth

CVE-2015-6613

High

Elevation of Privilege Vulnerability in Telephony

CVE-2015-6614

Moderate

Source: Google Developers, Google Groups

LEAVE A REPLY

Please enter your comment!
Please enter your name here