Google patches distant execution flaws in Android

Google has released 16 patches for Android, including one for a critical remote execution vulnerability in the operating system’s mediaserver. The company’s Nexus devices will receive an over-the-air update. Google’s partners were notified no later than Feb. 1 of the fixes, giving them more than a month to prepare.

Google’s advisory said. The vulnerabilities in mediaserver could be exploited if malicious content is displayed or played on a device, such as an MMS, email, or if the browser plays some type of media, A string of vulnerabilities has been found in media playback software since last year, most notably the Stagefright bug.

That flaw could have allowed an attacker to compromise a device just by sending a malicious MMS. A successful compromise required an attacker only to know the victim’s phone number.

The severity of Stagefright prompted Google to move to a monthly patching schedule to address long-running concerns that Android was not regularly fixed. Mobile devices, particularly those running Android, are a frequent target for cyberattacks.

Samsung and LG, both major Android manufacturers, also pledged to improve the speed at which security fixes are applied.