Android March Security Bulletin Published, OTAs Rolling Out

Pretty soon your Nexus Player will receive an OS update notification because it is time for March’s security update. The security bulletin, published today, contains a number of fixes in various parts of the operating system related to elevation of privilege. It’s not likely issues the average user will encounter, but any type of security vulnerability should be resolved quickly.

Android Marshmallow

MediaServer Bugs

Google’s MediaServer APIs are a frequent target for vulnerabilities. Due to media management being so prevalent throughout the operating system and core apps, it is an easy way to attack users. A corrupted video on a website or a rogue attachment to a text message could cause a number of serious problems for the user.

Two of the bugs reported allowed remote code execution with a specific type of media file. The MediaServer, being an integral system component, has access to more parts of the device than a standard app. A rogue media playing application could cause privilege elevation and allow the app to do things it normally could not.

Bluetooth Denial of Service

Another potentially relevant fix is related to Bluetooth. Bluetooth is the communication protocol that wireless remotes and gamepads use to communicate with your TV. An attacker could cause a device to discover a significant number of Bluetooth enabled devices in the nearby area. This would cause the Bluetooth service to crash due to an overflow of devices. The Bluetooth service would continue to crash every time the device starts, and could only be fixed by factory resetting the device.

Other Security Fixes

There are a number of other security fixes that Google highlights. A number of them were rated as critical flaws, meaning the fixes are appreciated.

The Nexus Player (codenamed Fugu) has the OS image available to download from Google’s website if you’re too impatient to wait for the OTA update.

Nick Felker

Nick Felker

Nick Felker is a student Electrical & Computer Engineering student at Rowan University (C/O 2017) and the student IEEE webmaster. When he's not studying, he is a software developer for the web and Android (Felker Tech). He has several open source projects on GitHub (http://github.com/fleker)Devices: Moto G-2013 Moto G-2015, Moto 360, Google ADT-1, Nexus 7-2013 (x2), Lenovo Laptop, Custom Desktop.Although he was an intern at Google, the content of this blog is entirely independent and his own thoughts.

More Posts - Website

Follow Me:
TwitterLinkedInGoogle PlusReddit