Android Mediaserver Vulnerability (CVE-2015-3842)

  Severity: CRITICAL
  CVE Identifier: CVE-2015-3842
  Advisory Date: AUG 17, 2015


This vulnerability assigned with CVE-2015-3842, affects the AudioEffect component found in the mediaserver program. Attackers can run arbitrary code on the device when successfully exploited thus compromising its security. However, attackers need to convince users first to install a malicious app that doesn't require any permission.The said vulnerability affects Android versions 2.3 to 5.1.1.

Trend Micro researcher Wish Wu disclosed details about this vulnerability to Google. The said company acknowledged Wu’s research contribution.