Google has released 16 patches for Android, including one for a critical remote execution vulnerability in the operating system’s mediaserver. The company’s Nexus devices will receive an over-the-air update. Google’s partners were notified no later than Feb. 1 of the fixes, giving them more than a month to prepare.
Google’s advisory said. The vulnerabilities in mediaserver could be exploited if malicious content is displayed or played on a device, such as an MMS, email, or if the browser plays some type of media, A string of vulnerabilities has been found in media playback software since last year, most notably the Stagefright bug.
That flaw could have allowed an attacker to compromise a device just by sending a malicious MMS. A successful compromise required an attacker only to know the victim’s phone number.
The severity of Stagefright prompted Google to move to a monthly patching schedule to address long-running concerns that Android was not regularly fixed. Mobile devices, particularly those running Android, are a frequent target for cyberattacks.
Samsung and LG, both major Android manufacturers, also pledged to improve the speed at which security fixes are applied.
Benchmark Electronics will develop Qualcomm’s biometric patches to monitor vital signs and track patients