This bulletin continues the tackle the vulnerabilities in Mediaserver we’ve been discussing for the past few months. In March we mentioned that an attacker can use specifically crafted files –H.264 and H.265 videos—to cause memory corruption during file processing. These vulnerabilities could also potentially allow attackers to execute remote code using Mediaserver processes. Patches for these and related media codec vulnerabilities continued to be released in April, May and June as well.
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/julys-android-security-bulletin-addresses-continuing-mediaserver-qualcomm-issues/
沒有留言:
張貼留言