Taking into account the media server issues faced by Android users, recent security update released by Google will shift its focus entirely on media files.
Among the critical vulnerabilities, libutils component and Android media server component were given priority wherein the team also found out that both these components hold capability to execute and run remotely.
Christopher Budd of Trend Micros' commented on the issue that media processing layer is prone to attacks and vulnerabilities, also increasing the chances of mistakes while converting data taken from web.
In light of the issue, Google released an advisory note that stated the importance of media files and methods through which entire system could crash down. Media server has too many privileges that are usually lacking in third party apps.
Daniel Micay of Cooperhead Security, who successfully reported the presence of libutils flaw, stated that libutils could cause considerable issues and troubles as it is capable to offer attacker with an instant access to code execution. This will ultimately lead to non trusted input getting into system.
Furthermore, if media server gets in touch with this code, then it turns out to be a case of remote code execution which will affect media files including MMS messages. Also, there are chances that media files downloaded directly from a website also gets infected with the code.
Android update is now available for Nexus that runs on both Android 6.0 Marshmallow and Android 5.1 Lollipop. Also, update has been added to the Android open source project, and Google's phone manufacturing partners have also received their share of update which might be effectively implemented on their handsets.