Google patches five critical Android security flaws

Almost all devices running a modern version of Android are affected by at least one of the five critical flaws.
Written by Zack Whittaker, Contributor
(Image: CNET/CBS Interactive)

Google has fixed a dozen security vulnerabilities in Android, five of which it rated "critical."

Of the highest-rated vulnerabilities in its sixth monthly release, Google said one nasty flaw could allow an attacker to remotely execute code -- such as malware -- by exploiting a flaw in how Android processes some media files.

This time around, Android 5.0 and later -- including "Marshmallow" 6.0 -- are affected.

And if you think you've heard this before, it's because you probably have. That's because month after month, the "mediaserver" service remains the most problematic component of Android. So much so that Google has copied and pasted almost word-for-word the same text for the advisory for every month the component is affected.

The critical vulnerability affects a core part of the Android software, which has access to permissions that third-party apps cannot normally access.

While the good news is that the Google's own internal team discovered the flaw, it's fast becoming a thorn in the side of the mobile operating system.

Other flaws exist in how Android handles Bluetooth and Wi-Fi, and other issues relating to the kernel.

Nexus devices are the first to get the security updates, with other Android phone makers -- including Samsung, LG, and BlackBerry -- dishing out updates in the next few days.

Editorial standards