Google patched 17 security holes in May's Android update

There will be 17 critical vulnerabilities patched in the May update, including six vulnerabilities in the media server (Media Server) of the Android library. The media server library is the subject of interest since July 2015 when the first Stagefirst bug was announced. Android's media server has been patched every time Google updates since August 2015.

All 6 errors on the media server were patched in May (CVE-2017-0587, CVE-2017-0588, CVE-2017-0589, CVE-2017-0590, CVE-2017-0591 and CVE-2017-0592) are related to remote code execution vulnerabilities.

Google warns that " remote code execution vulnerabilities in media servers allow hackers to use a file that corrupts memory during transmission and processing of media data ". This problem is rated as important (Critical) because of the ability to execute remote code right in the process of media server.

This month, Google also patched 7 other bugs on the media server, including three privilege escalation vulnerabilities that are highly influential (CVE-2017-0592, CVE-2017-0595 and CVE-2017- 0596).

Google advises that " privileged escalation vulnerabilities on media servers allow standalone applications on the device to execute random code during the privilege process ". " This problem is rated high because it can be used to access tasks that normally third-party applications cannot access ."

• How to check and update the version of Android operating system in use