Google's April Update for Nexus Android Patches Nearly 40 Vulnerabilities

2016/04/05

The new security update patched nearly 40 vulnerabilities, including 15 classified as critical. These vulnerabilities were located in the DHCPCD services, Stagefright library, Media Codec, Android kernel, MediaServer, and Qualcomm components.

The most serious of the vulnerabilities patched by Google in its latest update enabled remote code execution on affected devices when they played media files in emails, on the web or in MMS messages.

The critical vulnerabilities included flaws in the DHCPCD services, Stagefright library, Media Codec and Android kernel, 7 remote code execution vulnerabilities in MediaServer, as well as elevation-of-privilege vulnerabilities in the Android kernel, Qualcomm Performance Module and Qualcomm RF driver.

The Android kernel elevation-of-privilege vulnerability, CVE-2015-1805, had already been patched in an extraordinary security update released by Google last month. The vulnerability allowed rooting malware accidentally installed by the victim from Google Play or other sources to gain device administrator privileges. Devices running Android 4.4.4 or higher were affected. Google Play now uses Verify Apps to block the installation of these programs. The new security update also included 16 high-risk and 8 moderate-risk vulnerabilities.

Google's partners were notified via a security bulletin before March 16. The latest update will also be released to the Android Open Source Project (AOSP) within 48 hours. Samsung already released security updates for its Galaxy S6 and S6 Edge mobile phones last Wednesday.