Google has been busy working on bug fixes for Android, and has now squished some nasty ones. Unfortunately, it may take a while for some devices to get the patches. And some older Android devices will probably never get them.
Liam Tung reports for ZDNet:
Google has fixed 19 bugs in Android in its March update, including two remote code-execution bugs in its problematic and privileged Mediaserver service.
Mediaserver, often blamed for battery drain on Android devices, is yet again the source of the worst flaws affecting up-to-date Android devices. The core component of Android has turned up critical flaws in nearly every update since Google began monthly patches in August, following the Stagefright bug.
For this month's update, Google's own security teams discovered two new critical flaws in the service that could be used to cause remote code execution by sending a rigged email, MMS, or a media file played through the browser. Google also identified another related critical flaw in libvpx.
The March update includes fixes for a total of seven critical flaws, 10 high-impact bugs, and two moderate issues.
More at ZDNet.