We knew that Android 7.0 Nougat had improved security, but now Google has detailed what it’s done with the operating system update. A big part was addressing the issues with mediaserver.
Stagefright was a huge exploit that affected almost every Android device on the market, no matter the manufacturer, and even affecting old versions of Android. Google quickly patched some of the attack vectors, but phone makers were a little slower than that.
The Stagefright bug related to how mediaserver handles incoming media. In particular, it loaded MMS media into memory before it was even opened, and bugs in the system allowed malicious software to enter the device.
Fortunately, the entire mediaserver has been rebuilt in the Nougat update. It now has multiple segmented steps and checks for integer overflow before loading media. It should be a lot harder to exploit now, which will make it less of a target for attackers.
If you own a recent Nexus device, you are likely rocking Nougat right now. Most of us aren’t so lucky. However, we have some beefed up security to look forward to when our respective device manufacturers do finally release the update.