It’s been four months now since the discovery of stagefright and since then the Google team has been working hard on creating monthly updates to fix vulnerabilities that tend to affect the open source platform. Today, Android is getting another new patch fixing a total of 23 vulnerabilities including two critical issues tagged CVE-2015-6608 and CVE-2015-6609. The most serious of the vulnerabilities allows remote code execution through email, web browsing, and MMS. The patch also fixes a newly discovered vulnerability in the Stagefright library, listed as high rather than critical because of the difficulty of remote execution.
The patch which includes bugs reported by Trend Micro, System Security Lab, and Keen Team, as well as Google’s internal security teams has been released to Nexus devices running on lollipop & marshmallow through an over-the-air (OTA) update and will be published to the Android Open Source Project’s code repository within 48 hours so that other smartphone brand can also supply the security updates to their devices.
Am sure many Android users will be pondering on how long it will take the patch to reach every device but hey, it’s comforting to know theres a team working hard to protect your personal data from security threat. In the mean time, stay off malicious files and untrusted sites. Cheers
SOURCE: Nexus security bulletin