As promised Google has released first ever android monthly security updates for nexus devices. Over-the-air (OTA updates) has begun rolling out to nexus devices. Google has also updated it factory images for it’s line of Nexus devices.
Android Open Source Project (AOSP) repository will be updated with these updates in next two days. Now it will be interesting to see which smartphone manufacturer live upto the expectations of its user and release these updates to their devices.
Security Bulletin : Android Monthly Security Update & Patches.
According to Google Seven vulnerabilities are fixed via November security bulletin. Out of seven, two vulnerabilities related to mediaserver CVE-2015-6608 & libutils CVE-2015-6609 are rated as critical. These vulnerabilities can be exploited with remore code execution through email, web browsing and MMS when processing media files.
No public details about these two issue is available, both vulnerabilities were discovered by security teams of Google & Copperhead Security.
Remote Code Execution Vulnerabilities in Mediaserver
Remote Code Execution Vulnerability in libutils
Information Disclosure Vulnerabilities in Mediaserver
Elevation of Privilege Vulnerability in libstagefright
Elevation of Privilege Vulnerability in libmedia
Elevation of Privilege Vulnerability in Bluetooth
Elevation of Privilege Vulnerability in Telephony