In total, this month’s update fixes just under 30 known vulnerabilities. According to Google, the new update comes to take care of a critical vulnerability that could allow the remote execution of codes on a victim’s device through web browsing, email, and MMS, among other methods.
Advertisement
“There have been no reports of active customer exploitation or abuse of the other newly-reported issues”, the company said. Also of note in the April Android update is the CVE-2015-1805 critical flaw that Google first warned about in a March 18Android advisory. “Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates”, said Google.
Under new leadership, Android is coming to the fore as one of the most important projects under Google and it is proven by how much demand there is for phones bearing the stock Android interface. If, like the 6P, the S6 had a GPE model, the Nexus device wouldn’t have done as well as it has. Google releases these small updates out much faster than big updates like the Android 5.1 to Android 6.0 update. There are six critical issues that were fixed, and four of those involved remote code for different parts of the operating system including the MediaServer. The mediaserver service has access to audio and video streams, as well as access to privileges that third-party apps could not normally access. If the attack is successful, the attacker could cause memory corruption and remotely execute code with the privileges available to the Mediaserver process.
Advertisement
Other components where critical flaws were found and patched include the Android kernel, the Dynamic Host Configuration Protocol (DHCP) client, the Qualcomm Performance module and the Qualcomm RF module. One flaw that Google fixed could have enabled an attacker to reset a user’s Android device and erase all the data.
