Google squashes another Mediaserver bug in Android

Google squashes another Mediaserver bug in Android

Google fixed more than 50 issues in multiple libraries, the Android kernel, Mediaserver, various hardware drivers, system applications, and networking components as part of its September Android Security Bulletin.

The most noteworthy flaws addressed are the critical remote code execution bug in Mediaserver and a pair of critical elevation of privilege bugs that make up the QuadRooter flaw publicly disclosed in August.

Mediaserver back in spotlight

The remote code execution flaw in Mediaserver (CVE-2016-3862) was similar to the set of Stagefright vulnerabilities disclosed a year ago. While Stagefright and many of the later-disclosed Mediaserver flaws primarily focused on video files, this particular bug affected how Android’s Mediaserver component processed EXIF (location) data in JPEG images, said Tim Strazzere, the SentinelOne researcher credited with finding and reporting the vulnerability to Google.

To read this article in full or to leave a comment, please click here

Source: Security


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.