Multiple Vulnerabilities in Google Android OS Could Allow for Code Execution

ITS Advisory Number: 
2016-204
Date(s) Issued: 
Tuesday, December 6, 2016
Subject: 
Multiple Vulnerabilities in Google Android OS Could Allow for Code Execution
Overview: 

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices including, but not limited to smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of these vulnerabilities could result in remote code execution in the context of the application, an attacker gaining elevated privileges, information disclosure, or bypassing security restrictions.

Systems Affected: 
  • Android OS builds utilizing Security Patch Levels prior to the Security Patch Level published on December 1, 2016.
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Google's Android OS is prone to multiple vulnerabilities, the most severe of which could allow for remote code execution. The vulnerabilities are as follows:

  • Remote code execution vulnerability in CURL/LIBCURL (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421).
  • Elevation of privilege vulnerability in libziparchive (CVE-2016-6762).
  • Denial of service vulnerability in Telephony (CVE-2016-6763).
  • Denial of service vulnerability in Mediaserver (CVE-2016-6766, CVE-2016-6765, CVE-2016-6764, CVE-2016-6767).
  • Remote Code Execution vulnerability in Framesequence library (CVE-2016-6768).
  • Elevation of privilege vulnerability in Smart Lock (CVE-2016-6769).
  • Elevation of privilege vulnerability in Framework APIs (CVE-2016-6770).
  • Elevation of privilege vulnerability in Telephony (CVE-2016-6771).
  • Elevation of privilege vulnerability in Wi-Fi (CVE-2016-6772).
  • Information disclosure vulnerability in Mediaserver (CVE-2016-6773).
  • Information disclosure vulnerability in Package Manager (CVE-2016-6774) .
  • Elevation of privilege vulnerability in kernel memory subsystem (CVE-2016-4794, CVE-2016-5195).
  • Elevation of privilege vulnerability in NVIDIA GPU driver (CVE-2016-6775, CVE-2016-6776, CVE-2016-6777).
  • Elevation of privilege vulnerability in kernel (CVE-2015-8966).
  • Elevation of privilege vulnerability in NVIDIA video driver (CVE-2016-6915, CVE-2016-6916, CVE-2016-6917).
  • Elevation of privilege vulnerability in kernel ION driver (CVE-2016-9120).
  • Vulnerabilities in Qualcomm components (CVE-2016-8411).
  • Elevation of privilege vulnerability in kernel file system (CVE-2014-4014).
  • Elevation of privilege vulnerability in kernel (CVE-2015-8967).
  • Elevation of privilege vulnerability in HTC sound codec driver (CVE-2016-6778, CVE-2016-6779, CVE-2016-6780).
  • Elevation of privilege vulnerability in MediaTek driver (CVE-2016-6492, CVE-2016-6781, CVE-2016-6782, CVE-2016-6783, CVE-2016-6784, CVE-2016-6785).
  • Elevation of privilege vulnerability in Qualcomm media codecs (CVE-2016-6761, CVE-2016-6760, CVE-2016-6759, CVE-2016-6758).
  • Elevation of privilege vulnerability in Qualcomm camera driver (CVE-2016-6755).
  • Elevation of privilege vulnerability in kernel performance subsystem (CVE-2016-6786, CVE-2016-6787).
  • Elevation of privilege vulnerability in MediaTek I2C driver (CVE-2016-6788).
  • Elevation of privilege vulnerability in NVIDIA libomx library (CVE-2016-6789, CVE-2016-6790).
  • Elevation of privilege vulnerability in Qualcomm sound driver (CVE-2016-6791, CVE-2016-8391, CVE-2016-8392).
  • Elevation of privilege vulnerability in kernel security subsystem (CVE-2015-7872).
  • Elevation of privilege vulnerability in Synaptics touchscreen driver (CVE-2016-8393, CVE-2016-8394).
  • Elevation of privilege vulnerability in Broadcom Wi-Fi driver (CVE-2014-9909, CVE-2014-9910).
  • Information disclosure vulnerability in MediaTek video driver (CVE-2016-8396).
  • Information disclosure vulnerability in NVIDIA video driver (CVE-2016-8397).
  • Denial of service vulnerability in GPS (CVE-2016-5341).
  • Denial of service vulnerability in NVIDIA camera driver (CVE-2016-8395).
  • Elevation of privilege vulnerability in kernel networking subsystem (CVE-2016-8399).
  • Information disclosure vulnerability in Qualcomm components (CVE-2016-6756, CVE-2016-6757).
  • Information disclosure vulnerability in NVIDIA librm library (CVE-2016-8400).
  • Information disclosure vulnerability in kernel components (CVE-2016-8401, CVE-2016-8402, CVE-2016-8403, CVE-2016-8404, CVE-2016-8405, CVE-2016-8406, CVE-2016-8407).
  • Information disclosure vulnerability in NVIDIA video driver (CVE-2016-8408, CVE-2016-8409).
  • Information disclosure vulnerability in Qualcomm sound driver (CVE-2016-8410).

Successful exploitation of these vulnerabilities could result in remote code execution in the context of the application, an attacker gaining elevated privileges, information disclosure, causing denial of service or bypassing security restrictions.

Actions: 
  • After appropriate testing, immediately apply the updates provided by Google Android or mobile carriers to vulnerable systems.
  • Remind users to download apps only from trusted vendors in the Play Store.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
References: 

Google:

https://source.android.com/security/bulletin/2016-12-01.html

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6762

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6763

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6766

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6765

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6764

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6767

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6768

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6769

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6770

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6771

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6772

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6773

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6774

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4794

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6775

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6776

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6777

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8966

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6915

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6916

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6917

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9120

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8411

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8967

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6778

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6779

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6780

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6492

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6781

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6782

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6783

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6784

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6785

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6761

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6760

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6759

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6758

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6755

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6786

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6787

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6788

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6789

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6790

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6791

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8391

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8392

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7872

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8393

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8394

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9909

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9910

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8396

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8397

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5341

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8395

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8399

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6756

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6757

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8400

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8401

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8402

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8403

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8404

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8405

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8406

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8407

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8408

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8409

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8410