Google fixes another “Stagefright” type bug in Android mediaserver

https://sophosnews.files.wordpress.com/2016/01/google-android-patch.png?w=780&h=408&crop=1

If you have an Android, keep an eye out for updates from your vendor or carrier – there are some critical security patches out.

Google has fixed 12 vulnerabilities affecting Android versions 4.4.4 through 6.0.1, including five rated as “critical” – the designation for the worst kind of security bug.

The most serious vulnerability in this batch is a remote code execution (RCE) bug, designated CVE-2015-6636, in Android’s mediaserver component. Mediaserver is often used to render remotely-supplied multimedia content, so Google is warning that an attacker could exploit the bug to run malware hidden in booby-trapped media files delivered via multiple methods, including email, web browsing and MMS.