Google released the first public security bulletin for Android
Google has released the Nexus Security Bulletin (August 2015) security bulletin for Android, which identifies the fixed vulnerabilities in the update we wrote earlier last week. The company has moved to releasing monthly security updates for its products, security bulletins will be published for them with information about fixed vulnerabilities.
The update is of the type over-the-air (OTA), that is, it can be installed over a wireless connection, and is intended to be installed on branded Nexus 4/5/6/7/9/10 smartphones. The update has also been released for the source repository of the Android Open Source Project (AOSP). A total of six vulnerabilities were fixed in Android.
')
The critical Remote Code Execution (RCE) vulnerability CVE-2015-1538 ( Integer overflows during MP4 atom processing ) of integer overflow type (integer overflow) in the libstagefright library can be used by attackers for remote code execution. Vulnerabilities are assigned a critical level, since the operation can be performed as part of the privileged mediaserver service, which gives attackers full access to the device, including the kernel and drivers. As part of the update, the Hangouts and Messenger applications were also fixed so that the sent media files were not submitted to the mediaserver process for processing. To exploit, attackers can place malicious content on a remote server, and a link to it can be sent as an MMS message or via the built-in instant messenger.
The other five critical vulnerabilities also apply to the libstagefright library and allow attackers to remotely execute code with maximum privileges in the system. The only difference is in the types of processed data through which operation can be performed (MP4, ESDS, MPEG4 tx3g, MPEG4 covr, 3GPP, MPEG4).
CVE-2015-1539: An integer underflow in ESDS processing
ID: ANDROID-20139950
Versions: 5.1 and below
Severity: Critical
Partners notified: May 4, 2015 (Bulletin 2015-07)
Fixed in Nexus Build: 5.1.1 (LMY48I)
CVE-2015-3824: Integer overflow in libstagefright when parsing the MPEG4 tx3g atom
ID: ANDROID-20923261
Versions: Android 5.1 and below
Severity: Critical
Partners received: June 25th, 2015 (Bulletin 2015-09)
Fixed in Nexus Build: 5.1.1 (LMY48I)
CVE-2015-3827: Integer underflow in libstagefright when processing MPEG4 covr atoms
ID: ANDROID-20923261
Versions: Android 5.1 and below
Severity: Critical
Partners received: June 25th, 2015 (Bulletin 2015-09)
Fixed in Nexus Build: 5.1.1 (LMY48I)
CVE-2015-3828: Integer underflow in libstagefright if size is below 6 while processing 3GPP metadata
ID: ANDROID-20923261
Versions: Android 5.0 and above
Severity: Critical
Partners received: June 25th, 2015 (Bulletin 2015-09)
Fixed in Nexus Build: 5.1.1 (LMY48I)
CVE-2015-3829: Integer overflow in MPEG4 covr atoms when libstagefright processing chunk_data_size is SIZE_MAX
ID: ANDROID-20923261
Versions: Android 5.1 and below
Severity: Critical
Partners received: June 25th, 2015 (Bulletin 2015-09)
Fixed in Nexus Build: 5.1.1 (LMY48I)
We encourage users to update their devices.
be secure.
The update is of the type over-the-air (OTA), that is, it can be installed over a wireless connection, and is intended to be installed on branded Nexus 4/5/6/7/9/10 smartphones. The update has also been released for the source repository of the Android Open Source Project (AOSP). A total of six vulnerabilities were fixed in Android.
')
The critical Remote Code Execution (RCE) vulnerability CVE-2015-1538 ( Integer overflows during MP4 atom processing ) of integer overflow type (integer overflow) in the libstagefright library can be used by attackers for remote code execution. Vulnerabilities are assigned a critical level, since the operation can be performed as part of the privileged mediaserver service, which gives attackers full access to the device, including the kernel and drivers. As part of the update, the Hangouts and Messenger applications were also fixed so that the sent media files were not submitted to the mediaserver process for processing. To exploit, attackers can place malicious content on a remote server, and a link to it can be sent as an MMS message or via the built-in instant messenger.
The other five critical vulnerabilities also apply to the libstagefright library and allow attackers to remotely execute code with maximum privileges in the system. The only difference is in the types of processed data through which operation can be performed (MP4, ESDS, MPEG4 tx3g, MPEG4 covr, 3GPP, MPEG4).
CVE-2015-1539: An integer underflow in ESDS processing
ID: ANDROID-20139950
Versions: 5.1 and below
Severity: Critical
Partners notified: May 4, 2015 (Bulletin 2015-07)
Fixed in Nexus Build: 5.1.1 (LMY48I)
CVE-2015-3824: Integer overflow in libstagefright when parsing the MPEG4 tx3g atom
ID: ANDROID-20923261
Versions: Android 5.1 and below
Severity: Critical
Partners received: June 25th, 2015 (Bulletin 2015-09)
Fixed in Nexus Build: 5.1.1 (LMY48I)
CVE-2015-3827: Integer underflow in libstagefright when processing MPEG4 covr atoms
ID: ANDROID-20923261
Versions: Android 5.1 and below
Severity: Critical
Partners received: June 25th, 2015 (Bulletin 2015-09)
Fixed in Nexus Build: 5.1.1 (LMY48I)
CVE-2015-3828: Integer underflow in libstagefright if size is below 6 while processing 3GPP metadata
ID: ANDROID-20923261
Versions: Android 5.0 and above
Severity: Critical
Partners received: June 25th, 2015 (Bulletin 2015-09)
Fixed in Nexus Build: 5.1.1 (LMY48I)
CVE-2015-3829: Integer overflow in MPEG4 covr atoms when libstagefright processing chunk_data_size is SIZE_MAX
ID: ANDROID-20923261
Versions: Android 5.1 and below
Severity: Critical
Partners received: June 25th, 2015 (Bulletin 2015-09)
Fixed in Nexus Build: 5.1.1 (LMY48I)
We encourage users to update their devices.
be secure.
Source: https://habr.com/ru/post/264665/
All Articles