Marshmallow OS to get patch for two critical Android bugs

Google has patched seven code execution vulnerabilities, two of which were rated critical, four high and one moderate. This was the fourth round of Android patching since August this year.

The two flaws rated critical, both of which give attackers remote code execution, are the libutils (CVE-2015-6609) and mediaserver (CVE-2015-6608) holes. They can be exploited by sending crafted media files to the affected devices.

Google informed its partners about the patch on October 5, and the patch code is set to be available for Nexus, Samsung, and the Android Open Source Project, but it will be available first for its latest Android operating system, Marshmallow.

In its advisory Google stated, “The most severe of these issues is a critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.”

“During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.”

A privilege elevation bug was fixed in the libstagefright library; it is separate from the Stagefright vulnerabilities reported by Zimperium researcher Joshua Drake earlier this year.

Vulnerabilities in Bluetooth (CVE-2015-6613), the mediaserver (CVE-2015-6611), the telephony application (CVE-2015-6614), and libmedia (CVE-2015-6612) were also patched.

Google says “exploitation is made harder on the security-enhanced Marshmallow Android platform.”

| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerabilities in Mediaserver | CVE-2015-6608 | Critical |
| Remote Code Execution Vulnerability in libutils | CVE-2015-6609 | Critical |
| Information Disclosure Vulnerabilities in Mediaserver | CVE-2015-6611 | High |
| Elevation of Privilege Vulnerability in libstagefright | CVE-2015-6610 | High |
| Elevation of Privilege Vulnerability in libmedia | CVE-2015-6612 | High |
| Elevation of Privilege Vulnerability in Bluetooth | CVE-2015-6613 | High |
| Elevation of Privilege Vulnerability in Telephony | CVE-2015-6614 | Moderate |
