As part of Android’s commitment to lower down risks and threats of malicious attacks on mobile devices resulting from gaps in the privacy and security capabilities of the Android operating system, it has committed, since Q4 of 2015, to release a monthly security update to deal with the risks and threats brought to its awareness by the Android community themselves. And now have the January 2016 update, which will roll out OTA (over the air) soon to Nexus devices.
At the top of the update is the fix for the “Remote Code Execution Vulnerability in Mediaserver”. A threat was discovered last year that during media file and data processing of a specially crafted file, vulnerabilities in the “mediaserver” process could allow an attacker to cause memory corruption and remote code execution. That is fixed now.
Among the fixes in this update also deal with privilege elevation through Wifi and Bluetooth connections, which could enable connected and paired devices to access a user’s information – including contact details and such.
This fix will of course go out first to Nexus devices, but hopefully other OEMs could pick this up soon and put out updates for their own devices. Watch out for updates for your devices within the month.