Google has released an unusually hefty Android Security Bulletin for July. In fact, so many vulnerabilities have been fixed – 108 in all – that the patches come in two levels.
The first one, 2016-07-05, includes patches for vulnerabilities found in Android OS.
Among these are seven critical RCE flaws affecting the Mediaserver component, which can be triggered via email, web browsing, and MMS, by making the component process specially crafted media files, and a RCE flaw in OpenSSL and BoringSSL that can also be triggered with a specially crafted file.
Leave a reply
