Google patches Stagefright 2.0 on Nexus devices

eBook: The DevOps Roadmap for Security - Tips and tools for bridging the security tribe into DevOps. Download →

Google has released its monthly security update for Nexus devices.

Among the issues this update fixes are the two vulnerabilities in the stagefright and utils Android libraries, which have been dubbed Stagefright 2.0.

Like the Stagefright vulnerabilities, these latest ones have been discovered by Zimperium researchers.

Once again, exploitation of these flaws is easy – via browser or a third-party app that uses the vulnerable library – and can lead to total device compromise.

The flaws affect almost every Android device sold since 2008.

“We have had no reports of active customer exploitation of these newly reported issues,” Google commented in the advisory accompanying the update.

The update also plugs a slew of other holes, mostly remote code execution and elevation of privilege vulnerabilities of critical and high severity.

Users are advised to implement the update as soon as possible.

It remains to be seen how fast other manufacturers will push out updates for their own customers. Samsung and LG have promised to improve their Android security update process.