This week Google released the May update for its mobile operating system Android, which fixed 40 vulnerabilities, including a critical and dangerous flaw. Security problems also affected all the supported Google Nexus devices (Google Nexus is a line of consumer electronic devices that run the Android operating system).

Critical rating received vulnerabilities in the Android Media server (CVE-2016-2428 and CVE-2016-2429), allowing to remotely execute code in the context of Mediaserver service.

Google Fixed 40 Vulnerabilities In Android

The list also includes the critical vulnerabilities in Qualcomm TrustZone (CVE-2016-2431 and CVE-2016-2432), Android debugger (CVE-2016-2430), Wi-Fi driver from Qualcomm (CVE-2015-0569 and CVE-2015 -0570), NVIDIA video driver (CVE-2016-2434, CVE-2016-2435, CVE-2016-2436, and CVE-2016-2437) and in the nucleus (CVE-2015-1805), allowing to elevate privileges.

Vulnerabilities are also found in the kernel (CVE-2016-2438) and Bluetooth (CVE-2016-2439), which received the highest danger rating, allowing you to execute arbitrary code remotely. But, With the help of the Qualcomm Tethering Controller (CVE-2016-2060), the vulnerability can expose.

The list of the dangerous vulnerabilities was also in Binder (CVE-2016-2440), Qualcomm Buspm drivers (CVE-2016-2441 and CVE-2016-2442), MDP (CVE-2016-2443), and Wi-Fi (CVE-2015- 0571), NVIDIA video driver (CVE-2016-2444, CVE-2016-2445, and CVE-2016-2446), Mediaserver (CVE-2016-2448, CVE-2016-2449, CVE-2016-2450, CVE-2016-2451, and CVE-2016-2452) and the driver MediaTek Wi-Fi (CVE-2016-2453). With their help, the attacker can increase the privileges, and the vulnerability in Qualcomm Hardware Codec (CVE-2016-2454) allows the remote denial of service.

By exploiting the vulnerability in the kernel (CVE-2016-0774), the attacker Moe Zht caused a denial of service. Hence, all the problems except for the CVE-2016-2060, which affects the Nexus devices, a line of consumer electronic devices from Google that runs the Android operating system. The remaining vulnerabilities are marked as medium risk.