From InfoWorld: Google released a new batch of Android patches on Wednesday, fixing over 100 flaws in Android's own components and in chipset-specific drivers from different manufacturers.
Android's mediaserver component, which handles the processing of video and audio streams and has been a source of many vulnerabilities in the past, is at the forefront of this security update. It accounts for 16 Android vulnerabilities, including 7 critical flaws that can allow an attacker to execute code with higher privileges.
The bugs can be exploited by sending specifically crafted audio or video files to users' devices via the browser, email, or messaging apps. Because of the repeated mediaserver flaws, Google Hangouts and the default Android Messenger applications no longer pass media to this component automatically.
Another critical vulnerability was fixed in the OpenSSL and BoringSSL crypto libraries that are bundled with the Android OS. This flaw can also be exploited through a specially crafted file to execute code within the context of the affected processes.
View: Article @ Source Site
