Google patches critical media processing and rooting vulnerabilities in Android
Google has released a new batch of security fixes for its Nexus smartphones and tablets, addressing flaws that could allow attackers to compromise the Android devices via rogue emails, Web pages, and MMS messages.
Firmware updates are being rolled out to supported Nexus devices as an over-the-air update and the patches will be added the Android Open Source Project (AOSP) over the next 48 hours. Builds LMY48Z and Android Marshmallow with a Dec. 1, 2015, Security Patch Level contain these fixes, Google said in its security bulletin.
The updates address five vulnerabilities rated as critical, 12 rated as high and two as moderate. A significant number of flaws were again located in the OS’ media processing components, which handle audio and video file playback and corresponding file metadata parsing.