Before Google makes an official announcement of the upcoming Nexus pair, the Internet giant is also busy releasing software updates for the current Nexus models. Build LMY48M is now ready for your Nexus and fix whatever bugs and security vulnerabilities are there. So aside from Stagefright, the Nexus line faces more vulnerabilities.
Google has provided a list of these security vulnerabilities. The patches for them and the Nexus software device updates have been released to the Android Open Source Project (AOSP) source repository according to the company. Of all the issues listed, the Critical security vulnerability is the most problematic because it could enable remote code execution.
The Android team encourages all Nexus users to get the update to make sure not any of these vulnerabilities exploit their devices:
• Remote Code Execution Vulnerability in Mediaserver
• Elevation of Privilege Vulnerability in Kernel
• Elevation of Privilege Vulnerability in Binder
• Elevation of Privilege Vulnerability in Keystore
• Elevation of Privilege Vulnerability in Region
• Elevation of Privilege vulnerability in SMS enables notification bypass.
• Elevation of Privilege Vulnerability in Lockscreen
• Denial of Service Vulnerability in Mediaserver
The vulnerabilities discovered may be available but fortunately, no exploitation has been reported yet except for one. Of these issues, only the ‘Elevation of Privilege Vulnerability in Kernel’ has a reported active exploitation. Meanwhile, ‘Denial of Service Vulnerability in Mediaserver’ is low in severity.
Not that these OTAs are different from the Stagefright security patches being pushed out by Google recently. Several techniques have been made to prevent exploitation including ‘enhancements in the Address Space Layout Randomization (ASLR) algorithm’ Android 4.1 and higher. It’s the same with Android Lollipop where position-independent executable (PIE) is required. Google also updated Messenger and Hangouts and has enabled by default the ‘Verify App’s feature on Android.
SOURCE: Google
