Google fixed more than 50 issues in multiple libraries, the Android kernel, Mediaserver, various hardware drivers, system applications, and networking components as part of its September Android Security Bulletin.
The most noteworthy flaws addressed are the critical remote code execution bug in Mediaserver and a pair of critical elevation of privilege bugs that make up the QuadRooter flaw publicly disclosed in August.
Mediaserver back in spotlight
The remote code execution flaw in Mediaserver (CVE-2016-3862) was similar to the set of Stagefright vulnerabilities disclosed a year ago. While Stagefright and many of the later-disclosed Mediaserver flaws primarily focused on video files, this particular bug affected how Android’s Mediaserver component processed EXIF (location) data in JPEG images, said Tim Strazzere, the SentinelOne researcher credited with finding and reporting the vulnerability to Google.
To read this article in full or to leave a comment, please click here