Multiple Vulnerabilities in Google Android Could Allow for Remote Code Execution

ITS Advisory Number: 
2016-020
Date(s) Issued: 
Tuesday, February 2, 2016
Subject: 
Multiple Vulnerabilities in Google Android Could Allow for Remote Code Execution
Overview: 

Google Android is an operating system developed by Google for mobile devices. This advisory identifies multiple remote code execution vulnerabilities affecting the Google Android operating system. A successful exploitation could allow an attacker to bypass security restrictions, perform unauthorized actions, obtain sensitive information, bypass same-origin policy restrictions to access data, and execute remote code in the context of the affected application.

Systems Affected: 
  • Android versions prior to 6.0 
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Google Android is an operating system developed by Google for mobile devices including, but not limited to, phones, tablets, and watches. These vulnerabilities could allow remote code execution in which an attacker can bypass security restrictions, perform unauthorized actions, obtain sensitive information, bypass same-origin policy restrictions to access data. These vulnerabilities are as follows:

  • Multiple remote code execution vulnerabilities in the 'Broadcom Wi-Fi' driver. (CVE-2016-0801, CVE-2016-0802)
  • Multiple remote code execution and memory corruption vulnerabilities in the 'Mediaserver' service. (CVE-2016-0803, CVE-2016-0804)
  • Elevation of privilege vulnerability in 'Qualcomm Performance Module' that could allow for a local malicious application to execute arbitrary code within the kernel. (CVE-2016-0805)
  • Elevation of privilege vulnerability in 'Qualcomm Wifi Driver' that could allow for a local malicious application to execute arbitrary code within the context of the kernel. (CVE-2016-0806)  
  • Elevation of privilege vulnerability in the 'Debuggered' component that could enable a local malicious application to execute arbitrary code within the device root context. (CVE-2016-0807)
  • Denial of service vulnerability in the 'Minikin' library. (CVE-2016-0808)
  • An elevation of privilege vulnerability in the Wi-Fi component. (CVE-2016-0809)
  • An elevation of privilege vulnerability in mediaserver that could enable a local malicious application to execute arbitrary code. (CVE-2016-0810)
  • An information disclosure vulnerability in 'libmediaplayerservice' that could allow for a bypass of security measures. (CVE-2016-0811)
  • An elevation of privilege vulnerability in 'Setup Wizard' that could allow for a malicious attacker to bypass the Factory Reset Protection. (CVE-2016-0812, CVE-2016-0813)
Actions: 
  • Android users should patch the device immediately after receiving the update notification from your network carrier.
  • Try contacting your network carrier to determine when a patch will be available, and to urge them to patch as soon as possible.
  • Remind users to download apps only from trusted vendors in the Play Store.
  • Run all software as a non-privileged/non-rooted user to diminish the effects of a successful attack.