Google Details Fixes in Latest Android Security Release

Google last week released an Android security update to Nexus 4, Nexus 5, Nexus 6, Nexus 7, and Nexus 9 devices. The update brought Android security enhancements apart from minor bug fixes.
Now, the company has detailed the fixes contained in the Android security update rolled out to Nexus devices. In its Nexus Security Bulletin for the month of September, Google adds that the monthly release build LMY48M along with source code patches have been released to the Android Open Source Project (AOSP) source repository.

Google has released a list including security vulnerabilities such as remote code execution vulnerability in Mediaserver (aka Stagefright); elevation of privilege vulnerability in kernel; elevation of privilege vulnerability in Binder; elevation of privilege vulnerability in Keystore; elevation of privilege vulnerability in region; elevation of privilege vulnerability in SMS enables notification bypass; elevation of privilege vulnerability in Lockscreen, and denial of service vulnerability in Mediaserver.

The company pointed that the most severe out of these issues was a critical security vulnerability that could enable remote code execution on an affected device. Google marked remote code execution vulnerability in Mediaserver and elevation of privilege vulnerability in Kernel as critical severity.

"We have not detected customer exploitation of the newly reported issues. The exception is the existing issue (CVE-2015-3636). Refer to the Mitigations section for details on the Android security platform protections, and service protections such as SafetyNet, which reduce the likelihood that security vulnerabilities can be successfully exploited on Android," noted Google in its Security Bulletin.

The mitigations provided by the Android security platform and service protections such as SafetyNet ( which are likely to reduce the likelihood that security vulnerabilities can be successfully exploited on Android) include the suggestion for all users to upgrade to Android 5.0 Lollipop as the version includes improved Address Space Layout Randomization (ASLR) algorithm, while the default Verify Apps options that warns users about potentially harmful apps about to be installed. Google has also updated the Hangouts and Messenger apps to not allow media automatically passed to vulnerable processes (such as Mediaserver).