Other two vulnerabilities belong to the High type, one of them allows attacking to be connected by CVE-2015-6641 in the Bluetooth component on wireless connection to the device and to get access to personal information of the user. Other vulnerability of CVE-2015-6642 of the Information Disclosure type in a kernel allows to bypass the built-in mechanisms of safety Android and to receive the raised privileges in system.
Updating corrects critical EoP of vulnerability in drivers of the MediaTek companies (misc-sd the driver) and Imagination Technologies, and also in a kernel and the Widevine QSEE TrustZone application. Vulnerabilities in all these components allow attacking to acquire the highest rights in system. The remained vulnerabilities belong to the Moderate type. It indicates that the malefactor will not be able to do by means of them essential harm to the user's device.
Google also supplied Android 6 with a new safety feature under the name Attack Surface Reduction for Nexus Kernels. The come-out updating deletes from OS the mechanism of inter-process communication under the name SysV IPC which, according to Google, is used in the purposes by the malware and does not add the OS essential functions. Its support is also incompatible with ensuring life cycle of other Android applications, and also a large number of the consumed kernel resources.
This article is a translation of the original post at habrahabr.ru/post/274559/
If you have any questions regarding the material covered in the article above, please, contact the original author of the post.
If you have any complaints about this article or you want this article to be deleted, please, drop an email here: email@example.com.
We believe that the knowledge, which is available at the most popular Russian IT blog habrahabr.ru, should be accessed by everyone, even though it is poorly translated.
Shared knowledge makes the world better.