Google releases an update for Android this month that should fix the 102 mediaserver flaws, six of with have critical impact.
Google has just released the April 2017 Android security update that patches 102 different vulnerabilities of the phone’s OS. 15 of these have been rated as having a critical impact so far.
Starting August 2015, the Android mediaserver has been patched in every security update released by Google. The newest security update found a total of 15 flaws – 6 critical ones, 5 with a high impact and 4 with a moderate impact.
Google says that a remote code execution vulnerability in Mediaserver could enable a hacker who uses a special file to cause memory corruption in media files and during the processing of data.
The first time the flaws in the Android mediaserver were reported was in July 2015, and the initial vulnerability – Stagefright – was discovered by Joshua Drake, Zimperium’s vice president of Platform Research and Exploitation.
Alan Ludwig, Google’s director of Android security, confirmed in a March 2017 eWeek interview that all mediaserver issues will be fixed to limit the risks for all versions of Android.
The April Android security update has identified a critical vulnerability – CVE-2017-0561 – in Broadcom’s Wi-Fi firmware; this could enable a remote attacker to execute arbitrary code in the Wi-Fi System on a Chip, according to Google.
The April update also brings a patch to fix a critical vulnerability in the HTC touchscreen driver named CVE-2017-0563. This could enable a local malicious app to execute arbitrary code and the issue was rated as critical due to possible local permanent compromise for the device. This could result in the need to reflash the OS in order to repair the device.
There is a long list of flaws and vulnerabilities that need patching in more Qualcomm drivers and components. April update patches 41 Qualcomm vulnerabilities: 21 critical ones, 12 with high impact and 8 rated as moderate.