- Connected Car: Start Thinking Security
- Rockwell Fixes Parser Buffer Overflow
- Oil and Gas Security ‘Not Keeping Pace’
- Ground Control Maker Stays SHARP
- Parsons Reapproved for OSHA Safety Program
- Worker Dies in Manufacturing Incident
- ARC: Open, Secure Systems Moving Forward
- ARC: Take ‘Crown Jewels’ Offline
Chemical Safety Incidents
Google Patches Android, Qualcomm Holes
Thursday, June 9, 2016 @ 03:06 PM gHale
Android operating system security update released patching 40 vulnerabilities.
Of all the vulnerabilities, there were eight critical, 28 high and four medium issues.
Fifteen security vulnerabilities ended up mitigated in mediaserver this month, along with 16 issues in Qualcomm drivers, and nine bugs in other areas.
The June 2016 Android security updates resolve a Remote Code Execution (RCE) flaw in mediaserver rated critical, 13 high severity flaws in the component – 12 Elevation of Privilege (EoP) issues, a Remote Denial of Service (DoS) bug, and an Information Disclosure vulnerability rated medium risk.
Last month, Google patched 40 vulnerabilities in Android, 12 of which were critical.
The June 2016 Android security update closes six critical severity EoP flaws affecting Qualcomm Video, Sound, GPU, and Wi-Fi drivers.
There were another nine EoP flaws in Qualcomm drivers – two with Sound, two with Camera, one with Video, and four with Wi-Fi, all rated high severity, along with a medium risk Information Disclosure flaw in Qualcomm Wi-Fi Driver.
Google also fixed one critical RCE flaw in libwebm, , two High risk EoPs in Broadcom Wi-Fi Driver, two in NVIDIA Camera Driver, one in MediaTek Power Management Driver, and another in SD Card Emulation Layer. The remaining newly patched flaws were an EoP in Framework UI and an Information Disclosure in Activity Manager, both rated medium risk.
Android 4.4.4, 5.0.2, 5.1.1, 6.0, and 6.0.1 suffer from the vulnerabilities the most, though Google also said some of these issues impact only Nexus devices (namely those affecting Qualcomm, Broadcom, and NVIDIA drivers), while others affect only the 6.0 and 6.1 versions of Android (the Framework UI vulnerability).
Devices running under Android with Security Patch Levels of June 01 or later are safe from these vulnerabilities.