Google Patches 40 Android Flaws in June Update | eWeek
Security Watch
SHARE
Facebook X Pinterest WhatsApp

Google Patches 40 Android Flaws in June Update

Android security
Written By
Sean Michael Kerner
Sean Michael Kerner
Jun 7, 2016
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

In its June Android update, released on June 7, Google has fixed 40 vulnerabilities, eight of which are rated critical. Once again, the security update includes a familiar set of flaws, with media server issues and Qualcomm drivers topping the list.

In fact, six of the eight critical issues were found in Qualcomm drivers: CVE-2016-2062, CVE-2016-2464, CVE-2016-2465, CVE-2016-2466, CVE-2016-2467 and CVE-2016-2468. The flaws were found in the Qualcomm video, sound, GPU and WiFi driver components that are integrated with hundreds of millions of Android devices. All six vulnerabilities are privilege escalation issues that could potentially enable a malicious application to execute arbitrary code.

The six newly patched flaws follow a critical Qualcomm driver flaw (CVE-2016-2060) that Google patched in its May update last month.

Google also once again had to patch vulnerabilities in its much maligned media server component. In the June update, Google patched 15 vulnerabilities in media server, including one critical remote code execution vulnerability (CVE-2016-2463), 12 high-impact privilege escalation flaws, one high-impact denial-of-service flaw (CVE-2016-2495) and a moderate impact information disclosure vulnerability (CVE-2016-2500).

The media server component is in the same part of the Android operating system as the libstagefright media server that was first exposed to risk in July 2015 and has been patched in every Google update since August 2015. In the May Android update, Google patched seven vulnerabilities in media server. For the upcoming Android N release, Google has pledged to rearchitect the media server system to improve security.

With the 40 vulnerabilities fixed in the June update, Google has now patched at least 163 vulnerabilities so far in 2016. A key challenge, however, is getting handset vendors to implement all those patches and making them available to end users.

Google’s supported Nexus phones all get the Android updates relatively quickly after each monthly update is issued, but other Android phones have not been quite as fortunate. Google is now working on a plan to publicly pressure handset vendors that don’t make updates available quickly for end users and is planning to integrate a more robust updating system that helps keep devices up to date with patching.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Sean Michael Kerner
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information