Google releases December 2015 Security Bulletin

Google has released the December 2015 Security Bulletin, detailing the next update and what has been addressed.

Partners were notified and provided updates for the December list on November 2nd. AOSP will be updated with patches over the next 48 hours, and firmware images for this update are available now on the Google Developers site.

This update is marked December 1, 2015 on phones that show the security patch level in settings. The BlackBerry Priv has already received this update.

Sixteen Common Vulnerabilities and Exposures (CVE) IDs have been patched, and according to Google there are no reports of active exploitation of these vulnerabilities.

Details of the patches are as follows.

  • Remote Code Execution Vulnerability in Mediaserver – During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media. – CVE-2015-6616
  • Remote Code Execution Vulnerability in Skia – A vulnerability in the Skia component may be leveraged when processing a specially crafted media file that could lead to memory corruption and remote code execution in a privileged process. – CVE-2015-6617
  • Remote Code Execution Vulnerability in Bluetooth – A vulnerability in Android’s Bluetooth component could allow remote code execution from a successfully paired device, after the personal area network (PAN) profile is enabled (for example using Bluetooth Tethering) and the device is paired. The remote code execution would be at the privilege of the Bluetooth service. A device is only vulnerable to this issue from a successfully paired device while in local proximity. – CVE-2015-6618
  • Elevation of Privilege Vulnerabilities in libstagefright – Multiple vulnerabilities in libstagefright can enable a local malicious application to execute arbitrary code within the context of the mediaserver service. – CVE-2015-6620
  • Elevation of Privilege Vulnerability in SystemUI – When setting an alarm using the clock application, a vulnerability in the SystemUI component can allow an application to execute a task at an elevated privilege level. – CVE-2015-6621
  • Information Disclosure Vulnerability in Native Frameworks Library – An information disclosure vulnerability in Android Native Frameworks Library can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. – CVE-2015-6622
  • Information Disclosure Vulnerabilities in libstagefright – Information disclosure vulnerabilities in libstagefright, during communication with mediaserver, can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. – CVE-2015-6626, CVE-2015-6631, CVE-2015-6632
  • Information Disclosure Vulnerability in Audio – A vulnerability in the Audio component can be exploited during audio file processing. This vulnerability could allow a local malicious application, during processing of a specially crafted file, to cause information disclosure. – CVE-2015-6627
  • Information Disclosure Vulnerability in Media Framework – An information disclosure vulnerability in Media Framework, during communication with mediaserver, can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. – CVE-2015-6628
  • Information Disclosure Vulnerability in Wi-Fi – A vulnerability in the Wi-Fi component could allow an attacker to cause the Wi-Fi service to disclose information. – CVE-2015-6629
  • Information Disclosure Vulnerability in SystemUI – An information disclosure vulnerability in the SystemUI can enable a local malicious application to gain access to screenshots. – CVE-2015-6630
