The following vulnerabilities have been remediated in this update:
|Remote Code Execution Vulnerability in Mediaserver||During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
|Elevation of Privilege Vulnerability in Setup Wizard||An elevation of privilege vulnerability in the Setup Wizard can enable an attacker with physical access to the device to gain access to device settings and perform a manual device reset.||CVE-2015-6643|
|Elevation of Privilege Vulnerability in Wi-Fi||An elevation of privilege vulnerability in the Wi-Fi component can enable a locally proximate attacker to gain access to Wi-Fi service related information. A device is only vulnerable to this issue while in local proximity.||CVE-2015-5310|
|Information Disclosure Vulnerability in Bouncy Castle||An information disclosure vulnerability in the Bouncy Castle can enable a local malicious application to gain access to user’s private information.||CVE-2015-6644|
|Denial of Service Vulnerability in SyncManager||A denial of service vulnerability in the SyncManager can enable a local malicious application to cause a reboot loop.||CVE-2015-6645|