Google has rolled out its May Android security patch and put up factory images of the same for its Nexus devices. You can either choose to wait for an OTA update to arrive or flash your handset right now.
Interestingly, Google has rechristened the name of the announcement from the Nexus Security Bulletin to the Android Security Bulletin. The change is meant to communicate a broader focus since the notices cover a wide range of vulnerabilities which affect Android products in general and not just Nexus devices.
Google has also gone ahead and updated the Android Security severity ratings. The welcome move is the result of fresh data collected over the course of the past six months. It aims to line up severities more closely with the potential real world impact to consumers.
The most alarming security issue which the new update resolves is a vulnerability in mediaserver which takes places when processing media and data files. The exposure could allow remote code execution through a number of techniques like email, web browsing and MMS.
To exploit the security issue, an attacker would have to create a special file which takes advantage of the mediaserver vulnerability to cause memory corruption and remote code execution. Google says that the affected functionality is a core component of the OS.
The mediaserver service has access to audio and video streams, in addition to privileges which third-party apps don’t have admittance to normally. As a result, Google has rated the problem as a Critical one due to the extent of the damage it could wreak. Thankfully, there have been no reports of customers getting affected by the issue yet.
You can download the May security patch for your Nexus device here.