From ComputerWorld: In light of Android's mediaserver issues, Google’s latest Android security update focused on flaws related to the operating system's treatment of media files. Android’s current flaws are similar to problems that cropped up with Windows more than a decade ago.
Google addressed seven vulnerabilities as part of this month’s Android security update, released this week. Of the critical vulnerabilities, one was in the libutils component (CVE-2015-6609) near where Stagefright flaws were found over the summer, and the other was in the Android mediaserver component (CVE-2015-6609). They were rated as critical, as they could allow remote code execution when handling malformed media files.
There were three other vulnerabilities related to media processing rated as high. One was in the Stagefright media playback engine (CVE-2015-6610), one in mediaserver (CVE-2015-6611), and one in libmedia component (CVE-2015-6612).
The media processing layer is prone to vulnerabilities and attacks, said Trend Micro’s Christopher Budd. The operating system takes the data from Web services and executes it as a lower-level process, and handling the shift correctly can be tricky. It is easy to introduce mistakes in this layer.
View: Article @ Source Site
