Google Fixes 81 Android Vulnerabilities

Thursday, September 7, 2017 @ 05:09 PM gHale


Security patches released this month for the Android platform.

Thirteen of the 81 flaws were rated critical by Google.

RELATED STORIES
Google Cuts Android Apps Used in Botnet
Google’s App Engine Firewall in Beta
Android Dropper on Google Play
Google Yanks Malicious Apps

The security bulletin has two security patch levels, each focused on addressing vulnerabilities in specific components. 

The patch fixes 30 vulnerabilities, 10 rated a critical severity, 15 high risk, and 5 medium severity. Affected Android iterations range from version 4.4.4 to 8.0, but only some vulnerabilities impact all platform releases.

The most affected component was media framework, with 24 vulnerabilities addressed in it, including 10 rated critical severity, all remote code execution flaws. 10 other bugs were rated high risk, including one remote code execution, 4 elevation of privilege, and 5 denial of service issues.

The remaining 4 bugs are moderate risk. Three of them, however, have a medium risk rating only when affecting Android versions 7.0, 7.1.1, 7.1.2, or 8.0. When impacting platform releases older than 7.0, they are considered high severity, Google said in an advisory.

Google also addressed a high risk elevation of privilege flaw in Framework, three high risk (2 remote code execution and one elevation of privilege) issues in Libraries, one high severity denial of service bug in Runtime, and one moderate elevation of privilege bug in System.

A total of 51 vulnerabilities were resolved as part of the 2017-09-05 security patch level, but only three of them were rated critical.

Qualcomm components emerge as the most impacted, with 21 vulnerabilities resolved in them, including 1 critical remote code execution bug, 4 high risk flaws (1 information disclosure and 3 elevation of privilege), and 16 moderate severity bugs (11 elevation of privilege and 5 information disclosure).

Eight vulnerabilities were addressed in Broadcom components, including a critical remote code execution bug, a high severity elevation of privilege issue, and five moderate flaws (4 elevation of privilege and 1 information disclosure). Only one high severity information disclosure bug was addressed in Imgtk components.



Leave a Reply

You must be logged in to post a comment.