Google releases the Nexus December Android Security Update

Dec 7, 2015 22:01 GMT

Just like clockwork, Google has released a new Android monthly security bulletin for its Nexus devices, and this one contains 19 bugs, of which 5 are critical, 12 are high, and 2 have a moderate severity level.

The security update is for Android builds LMY48Z or later and Android Marshmallow. These updates will be delivered over the air to all Nexus devices in the next 48 hours. Updated Nexus firmware images have also been released on the Google Developer portal.

"The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files," says Google, referring to CVE-2015-6616, a bug in Android's mediaserver component.

The other bugs labeled as critical affect Android's Skia graphics engine (RCE), the display driver (RCE), and the kernel itself (elevation of privilege). All the security bugs rated as critical were discovered internally by Google's security team.

No vulnerabilities have been used in real-world attacks

The other reported bugs are remote code execution, information disclosure, and elevation of privilege vulnerabilities in components like libstagefright, the System Server, the SystemUI, Media Framework, Native Frameworks Library, Bluetooth, Audio, and Wi-Fi.

The company also reports that its security specialists have not detected any of the bugs being used in real-world attacks.

| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2015-6616 | Critical |
| Remote Code Execution Vulnerability in Skia | CVE-2015-6617 | Critical |
| Elevation of Privilege in Kernel | CVE-2015-6619 | Critical |
| Remote Code Execution Vulnerabilities in Display Driver | CVE-2015-6633, CVE-2015-6634 | Critical |
| Remote Code Execution Vulnerability in Bluetooth | CVE-2015-6618 | High |
| Elevation of Privilege Vulnerabilities in libstagefright | CVE-2015-6620 | High |
| Elevation of Privilege Vulnerability in SystemUI | CVE-2015-6621 | High |
| Elevation of Privilege Vulnerability in Native Frameworks Library | CVE-2015-6622 | High |
| Elevation of Privilege Vulnerability in Wi-Fi | CVE-2015-6623 | High |
| Elevation of Privilege Vulnerability in System Server | CVE-2015-6624 | High |
| Information Disclosure Vulnerabilities in libstagefright | CVE-2015-6626, CVE-2015-6631, CVE-2015-6632 | High |
| Information Disclosure Vulnerability in Audio | CVE-2015-6627 | High |
| Information Disclosure Vulnerability in Media Framework | CVE-2015-6628 | High |
| Information Disclosure Vulnerability in Wi-Fi | CVE-2015-6629 | High |
| Elevation of Privilege Vulnerability in System Server | CVE-2015-6625 | Moderate |
| Information Disclosure Vulnerability in SystemUI | CVE-2015-6630 | Moderate |