Google Patches Android Vulnerabilities

Thursday, October 6, 2016 @ 05:10 PM gHale

Google released patches for the Android operating system, fixing 78 vulnerabilities.

Google split the October 2016 security patches in two, each focused on specific issues.

Android Malware in Over 3,000 Apps
Trojans Infect System Processes
Android Owner ID Flaw Fixed
Google Fixes Critical Android Holes

The 2016-10-01 security patch level took care of 20 vulnerabilities in various platform components, while the 2016-10-05 security patch fixed 58 flaws in kernel subsystems, drivers, and OEM components.

The 20 issues resolved with the 2016-10-01 security patch level affect all Nexus devices and include 15 high severity vulnerabilities, along with five medium risk. Elevation of privilege vulnerabilities were the most common bugs resolved this month, according to Google’s advisory.

The update patches 11 elevation of privilege vulnerabilities in ServiceManager, Lock Settings Service, Mediaserver, Zygote process, framework APIs, Telephony, Camera service, and fingerprint login; three denial of service bugs in Wi-Fi, GPS, and Mediaserver; and one information disclosure vulnerability in AOSP Mail, all rated high risk.

The medium severity issues include three elevation of privilege bugs in Framework Listener, Telephony, and Accessibility services, one Information disclosure vulnerability in Mediaserver, and one denial of service vulnerability in Wi-Fi.

The 2016-10-05 security patch level addresses six vulnerabilities labeled critical, 32 holes of high severity, 19 rated medium, and one low severity.

The critical vulnerabilities include remote code execution bugs in kernel ASN.1 decoder and kernel networking subsystem, along with elevation of privilege vulnerabilities in MediaTek video driver and kernel shared memory driver, and vulnerabilities affecting Qualcomm components.