One of the elements of Android most hit by malicious hackers is the Mediaserver, often referred to as Android’s “soft underbelly”. A lot of malware have targeted this element because it is very much vulnerable to exploits especially in Android KitKat and Android Lollipop – and unfortunately, a lot of people still use those versions of Android. This is why Google is continually patching this element – and it’s the same for the newly released security bulletin for the month of May.
Google has released its Android Security Bulletin for May, and it deals with a number of critical issues in the Mediaserver. This update is available OTA for Nexus and Pixel devices and updates the security patch level to May 5, 2017. The firmware images have also been released via the Google Developer site.
The most sever issue that the update patches is a vulnerability that potentially allows remote code execution via the Mediaserver. The possibility is that a malicious hacker can possibly attempt and do remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
Usually, manufacturers will follow suit and release this security bulletin as an update to their supported devices. Hopefully the manufacturers integrate this into an OTA for devices soon. The question is just who will be first to do it after Google.