Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

ITS Advisory Number: 2017-001
Date(s) Issued: Wednesday, January 4, 2017
Subject: Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Overview: 

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Systems Affected: 
  • Android OS builds utilizing Security Patch Levels prior to January 05, 2017.
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

Google Android OS is prone to multiple vulnerabilities, the most severe of which could allow for remote code execution. The vulnerabilities are as follows:

  • Remote code execution vulnerability in Mediaserver (CVE-2017-0381).
  • Remote code execution vulnerability in c-ares (CVE-2016-5180).
  • Remote code execution vulnerability in Framesequence (CVE-2017-0382).
  • Elevation of privilege vulnerability in Framework APIs (CVE-2017-0383).
  • Multiple elevation of privilege vulnerabilities in Audioserver (CVE-2017-0384, CVE-2017-0385).
  • Elevation of privilege vulnerability in libnl (CVE-2017-0386).
  • Elevation of privilege vulnerability in Mediaserver (CVE-2017-0387).
  • Information disclosure vulnerability in External Storage Provider (CVE-2017-0388).
  • Denial of service vulnerability in core networking (CVE-2017-0389).
  • Multiple denial of service vulnerabilities in Mediaserver (CVE-2017-0390, CVE-2017-0391, CVE-2017-0392, CVE-2017-0393).
  • Denial of service vulnerability in Telephony (CVE-2017-0394).
  • Elevation of privilege vulnerability in Contacts (CVE-2017-0395).
  • Multiple information disclosure vulnerabilities in Mediaserver (CVE-2017-0396, CVE-2017-0397).
  • Multiple information disclosure vulnerabilities in Audioserver (CVE-2017-0398, CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402).
  • Elevation of privilege vulnerability in kernel memory subsystem (CVE-2015-3288).
  • Multiple elevation of privilege vulnerabilities in Qualcomm bootloader (CVE-2016-8422, CVE-2016-8423).
  • Elevation of privilege vulnerability in kernel file system (CVE-2015-5706).
  • Multiple elevation of privilege vulnerabilities in NVIDIA GPU driver (CVE-2016-8424, CVE-2016-8425, CVE-2016-8426, CVE-2016-8482, CVE-2016-8427, CVE-2016-8428, CVE-2016-8429, CVE-2016-8430, CVE-2016-8431, CVE-2016-8432).
  • Elevation of privilege vulnerability in MediaTek driver (CVE-2016-8433).
  • Elevation of privilege vulnerability in Qualcomm GPU driver (CVE-2016-8434).
  • Elevation of privilege vulnerability in NVIDIA GPU driver (CVE-2016-8435).
  • Elevation of privilege vulnerability in Qualcomm video driver (CVE-2016-8436).
  • Multiple vulnerabilities in Qualcomm components (CVE-2016-5080, CVE-2016-8398, CVE-2016-8437, CVE-2016-8438, CVE-2016-8439, CVE-2016-8440, CVE-2016-8441, CVE-2016-8442, CVE-2016-8443, CVE-2016-8459).
  • Multiple elevation of privilege vulnerabilities in Qualcomm camera (CVE-2016-8412, CVE-2016-8444).
  • Multiple elevation of privilege vulnerabilities in MediaTek components (CVE-2016-8445, CVE-2016-8446, CVE-2016-8447, CVE-2016-8448).
  • Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (CVE-2016-8415).
  • Elevation of privilege vulnerability in NVIDIA GPU driver (CVE-2016-8449).
  • Elevation of privilege vulnerability in Qualcomm sound driver (CVE-2016-8450).
  • Elevation of privilege vulnerability in Synaptics touchscreen driver (CVE-2016-8451).
  • Elevation of privilege vulnerability in kernel security subsystem (CVE-2016-7042).
  • Elevation of privilege vulnerability in kernel performance subsystem (CVE-2017-0403).
  • Elevation of privilege vulnerability in kernel sound subsystem (CVE-2017-0404).
  • Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (CVE-2016-8452).
  • Elevation of privilege vulnerability in Qualcomm radio driver (CVE-2016-5345).
  • Elevation of privilege vulnerability in kernel profiling subsystem (CVE-2016-9754).
  • Multiple elevation of privilege vulnerabilities in Broadcom Wi-Fi driver (CVE-2016-8453, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457).
  • Elevation of privilege vulnerability in Synaptics touchscreen driver (CVE-2016-8458).
  • Information disclosure vulnerability in NVIDIA video driver (CVE-2016-8460).
  • Information disclosure vulnerability in bootloader (CVE-2016-8461, CVE-2016-8462).
  • Denial of service vulnerability in Qualcomm FUSE file system (CVE-2016-8463).
  • Denial of service vulnerability in bootloader (CVE-2016-8467).
  • Multiple elevation of privilege vulnerabilities in Broadcom Wi-Fi driver (CVE-2016-8464, CVE-2016-8465, CVE-2016-8466).
  • Elevation of privilege vulnerability in bootloader (CVE-2016-8467).
  • Elevation of privilege vulnerability in Binder (CVE-2016-8468).
  • Information disclosure vulnerability in NVIDIA camera driver (CVE-2016-8469).
  • Multiple information disclosure vulnerabilities in MediaTek driver (CVE-2016-8470, CVE-2016-8471, CVE-2016-8472).
  • Information disclosure vulnerability in STMicroelectronics driver (CVE-2016-8473, CVE-2016-8474).
  • Multiple information disclosure vulnerabilities in Qualcomm audio post processor (CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402).
  • Information disclosure vulnerability in HTC input driver (CVE-2016-8475).
  • Denial of service vulnerability in kernel file system (CVE-2014-9420).

Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Actions: 
  • After appropriate testing, immediately apply updates provided by Google Android or mobile carriers to vulnerable systems.
  • Remind users to download apps only from trusted vendors in the Play Store.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
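
To decide which devices fall under "Systems Affected" before rolling out the updates above, each device's reported security patch level can be compared against January 05, 2017. The Python sketch below is an added example, not part of the original advisory; it assumes the level was collected from the Android system property ro.build.version.security_patch (for example with `adb shell getprop`), and the inventory format, device names and function names are constructed for illustration.

```python
import re
from datetime import date

# Patch level named in the advisory's "Systems Affected" section.
REQUIRED_LEVEL = date(2017, 1, 5)
_LEVEL_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")

def classify(raw):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported patch level.

    raw is the collected value of ro.build.version.security_patch; it is
    empty when the build does not expose the property.
    """
    value = (raw or "").strip()
    m = _LEVEL_RE.match(value)
    if not m:
        return "unknown"   # empty or free-text value: cannot prove it is patched
    try:
        level = date(*map(int, m.groups()))
    except ValueError:     # well-formed but impossible date, e.g. 2017-13-40
        return "unknown"
    # "Prior to January 05, 2017" is affected, so 2017-01-01 is still flagged.
    return "patched" if level >= REQUIRED_LEVEL else "vulnerable"

def audit(inventory):
    """Group device ids by status from 'device_id,patch_level' lines."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        device, _, raw = line.partition(",")
        report[classify(raw)].append(device.strip())
    return report

# Constructed sample inventory (device names and values are made up).
SAMPLE = """\
# device_id,ro.build.version.security_patch
tablet-014,2016-12-05
phone-221,2017-01-05
phone-222,2017-01-01
kiosk-007,
phone-310,2017-02-01
watch-002,January 2017
""".splitlines()

if __name__ == "__main__":
    for status, devices in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(devices) or '-'}")
```

Devices reported as "unknown" should be handled like vulnerable ones until their patch level is confirmed.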
References: 

Google:

https://source.android.com/security/bulletin/2017-01-01.html  

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3288

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5706

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5080

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5345

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7042

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8398

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8412

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8415  

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8422

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8423

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8424

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8425

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8426

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8427

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8428

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8429

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8430

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8431

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8432

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8433

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8434

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8435

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8436

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8437

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8438

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8439

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8440

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8441

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8442

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8443

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8444

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8445

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8446

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8447

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8448

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8449

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8450

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8451

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8452

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8453

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8454

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8455

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8456

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8457

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8458

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8459

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8460

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8461

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8462

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8463

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8464

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8465

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8466

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8467

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8468

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8469

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8470

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8471

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8472

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8473

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8474

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8475

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8482

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9754

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0381

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0382

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0383

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0384

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0385

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0386

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0387

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0388

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0389

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0390

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0391

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0392

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0393

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0394   

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0395

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0396

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0397

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0398

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0399

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0400

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0401

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0402

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0403

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0404