Top Menu

Google has five critical Android security fixes for Nexus devices only

Google has fixed 12 security bugs in its Android source code – including five that would allow hackers to achieve remote code execution or root access.

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

The table below contains a list of security vulnerabilities, the Common Vulnerability and Exposures ID (CVE), and their assessed severity.

Issue CVE Severity
Remote Code Execution Vulnerability in Mediaserver CVE-2015-6636 Critical
Elevation of Privilege Vulnerability in misc-sd driver CVE-2015-6637 Critical
Elevation of Privilege Vulnerability in the Imagination Technologies driver CVE-2015-6638 Critical
Elevation of Privilege Vulnerabilities in Trustzone CVE-2015-6639 Critical
Elevation of Privilege Vulnerability in Kernel CVE-2015-6640 Critical
Elevation of Privilege Vulnerability in Bluetooth CVE-2015-6641 High
Information Disclosure Vulnerability in Kernel CVE-2015-6642 High
Elevation of Privilege Vulnerability in Setup Wizard CVE-2015-6643 Moderate
Elevation of Privilege Vulnerability in Wi-Fi CVE-2015-5310 Moderate
Information Disclosure Vulnerability in Bouncy Castle CVE-2015-6644 Moderate
Denial of Service Vulnerability in SyncManager CVE-2015-6645 Moderate
Attack Surface Reduction for Nexus Kernels CVE-2015-6646 Moderate

Please update your Nexus devices now! If you have other brands of Android devices, you will need to wait for them to release the patch. (This is the one of the biggest advantage for buying a Google Nexus devices – you get faster security updates.)

Click on the following link for instructions on how to update your Android devices. https://support.google.com/nexus/answer/4457705?hl=en

Source http://source.android.com/security/bulletin/2016-01-01.html

, , , ,