Android Fixes Vulnerabilities

Tuesday, October 3, 2017 @ 01:10 PM gHale


Android patches released this week, fixing 14 vulnerabilities.

Google’s Android Security Bulletin—October 2017 resolves vulnerabilities in Android 4.4.4 to Android 8.0. The most severe hole could lead to arbitrary code execution or to applications being able to gain additional permissions without user interaction.

RELATED STORIES
Bluetooth Devices Susceptible to Attack
ICSJWG: Change in Security Approach Needed
Power Grid Compromise
Fighting FUD from DC

One set of patches addresses eight vulnerabilities, including three critical, three high risk, and two medium.

Media framework was the most patched component. Three of issues got the critical rating, all three could lead to remote code execution. Additionally, there was a high severity elevation of privilege and two moderate risk information disclosure holes.

Other components suffering was framework, which had a high severity elevation of privilege issue. System also had a high risk remote code execution bug patched.

The vulnerability addressed in System is CVE-2017-14496, which is related to the Dnsmasq network services software. The release of Dnsmasq 2.78 addressed the problem and several others, including remote code execution flaws.

Google fixed six vulnerabilities as part of the 2017-10-05 security patch level, two listed as critical and four listed as high risk.

The critical holes, one remote code execution and one elevation of privilege, along with a high risk elevation of privilege issue, on Qualcomm components. Two of the remaining high risk issues hit Kernel components, while the third was with MediaTek components. All three were elevation of privilege issues.

In addition to the Android Security Bulletin, Google published a separate security bulletin detailing vulnerabilities addressed in Nexus and Pixel devices. As part of this month’s fixes, Google resolved issues affecting framework, Media framework, System, and Broadcom, HTC, Huawei, Kernel, Motorola, and Qualcomm components.

Fixes for 38 vulnerabilities were included in the Pixel/Nexus Security Bulletin—October 2017: Four high risk, 32 medium severity, and two low risk. Most of the issues were elevation of privilege and information disclosure bugs.



Leave a Reply

You must be logged in to post a comment.