Google Patches Stagefright 2 Android Vulnerability
Google is fixing newly announced flaws in its Android mobile OS. The company issued patches for 19 vulnerabilities, including the Stagefright 2 flaw.Google isn't wasting any time patching newly announced vulnerabilities in its Android mobile operating system. On Oct. 5, Google released its monthly Nexus update, providing a patch for the Stagefright 2.0 issues that Zimperium zLabs Vice President of Platform Research and Exploitation Joshua Drake first announced on Oct. 1. Drake disclosed two issues, CVE-2015-3876 and CVE-2015-6602, which Google has patched. In total, the Google Android October update patches 19 different vulnerabilities. Drake told eWEEK that he reported 10 different issues to Google on Aug. 15. In addition to the CVE-2015-3876 and CVE-2015-6602 vulnerabilities, Google also is patching a third issue that Drake reported; the vulnerability, known as CVE-2015-3875, was also reported to Google by Daniel Micay, a security researcher at Copperhead Security. "Daniel [Micay] reported it back while everyone was in Vegas; I reported it 10 days later, was told it was duplicate and commended Daniel on his work," Drake said.
The other seven issues that Drake has reported to Google on Android remain unpatched, although the risk is not quite the same.