Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

ITS Advisory Number: 2017-012
Date(s) Issued: Tuesday, February 7, 2017
Subject: Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Overview: 

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

 

Systems Affected: 
  • Android OS builds utilizing Security Patch Levels prior to February 01, 2017.
Risk: 
Government:
  • Large and medium government entities: High
  • Small government entities: High
Business:
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

Google Android OS is prone to multiple vulnerabilities, the most severe of which could allow for remote code execution. The vulnerabilities are as follows:

  • Remote code execution vulnerability in Surfaceflinger (CVE-2017-0405).
  • Remote code execution vulnerability in Mediaserver (CVE-2017-0406, CVE-2017-0407).
  • Remote code execution vulnerability in libgdx (CVE-2017-0408).
  • Remote code execution vulnerability in libstagefright (CVE-2017-0409).
  • Elevation of privilege vulnerability in Java.Net (CVE-2016-5552).
  • Elevation of privilege vulnerability in Framework APIs (CVE-2017-0410, CVE-2017-0411, CVE-2017-0412).
  • Elevation of privilege vulnerability in Mediaserver (CVE-2017-0415).
  • Elevation of privilege vulnerability in Audioserver (CVE-2017-0416, CVE-2017-0417, CVE-2017-0418, CVE-2017-0419).
  • Information disclosure vulnerability in AOSP Mail (CVE-2017-0420).
  • Information disclosure vulnerability in AOSP Messaging (CVE-2017-0413, CVE-2017-0414).
  • Information disclosure vulnerability in Framework APIs (CVE-2017-0421).
  • Denial of service vulnerability in Bionic DNS (CVE-2017-0422).
  • Elevation of privilege vulnerability in Bluetooth (CVE-2017-0423).
  • Information disclosure vulnerability in AOSP Messaging (CVE-2017-0424).
  • Information disclosure vulnerability in Audioserver (CVE-2017-0425).
  • Information disclosure vulnerability in Filesystem (CVE-2017-0426).
  • Remote code execution vulnerability in Qualcomm crypto driver (CVE-2016-8418).
  • Elevation of privilege vulnerability in kernel file system (CVE-2017-0427).
  • Elevation of privilege vulnerability in NVIDIA GPU driver (CVE-2017-0428, CVE-2017-0429).
  • Elevation of privilege vulnerability in kernel networking subsystem (CVE-2014-9914).
  • Elevation of privilege vulnerability in Broadcom Wi-Fi driver (CVE-2017-0430).
  • Vulnerabilities in Qualcomm components (CVE-2017-0431).
  • Elevation of privilege vulnerability in MediaTek driver (CVE-2017-0432).
  • Elevation of privilege vulnerability in Synaptics touchscreen driver (CVE-2017-0433, CVE-2017-0434).
  • Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver (CVE-2016-8480).
  • Elevation of privilege vulnerability in Qualcomm sound driver (CVE-2016-8481, CVE-2017-0435, CVE-2017-0436).
  • Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421, CVE-2017-0440, CVE-2017-0441, CVE-2017-0442, CVE-2017-0443, CVE-2016-8476).
  • Elevation of privilege vulnerability in Realtek sound driver (CVE-2017-0444).
  • Elevation of privilege vulnerability in HTC touchscreen driver (CVE-2017-0445, CVE-2017-0446, CVE-2017-0447).
  • Information disclosure vulnerability in NVIDIA video driver (CVE-2017-0448).
  • Elevation of privilege vulnerability in Broadcom Wi-Fi driver (CVE-2017-0449).
  • Elevation of privilege vulnerability in Audioserver (CVE-2017-0450).
  • Elevation of privilege vulnerability in kernel file system (CVE-2016-10044).
  • Information disclosure vulnerability in Qualcomm Secure Execution Environment Communicator (CVE-2016-8414).
  • Information disclosure vulnerability in Qualcomm sound driver (CVE-2017-0451).

Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Actions: 
  • After appropriate testing, immediately apply updates provided by Google Android or mobile carriers to vulnerable systems.

  • Run all software as a non-privileged user to diminish the effects of a successful attack.
  • Remind users to download apps only from trusted vendors in the Play Store.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
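
To find devices that still fall under "Systems Affected", compare each device's reported security patch level with 2017-02-01. The script below is an added example, not part of the original advisory; it assumes the level is read over adb from the `ro.build.version.security_patch` property, and the device serials and levels in its sample inventory are constructed.

```shell
#!/bin/sh
# Added example: flag devices below the patch level this advisory names.
REQUIRED_SPL="2017-02-01"   # from "Systems Affected" above

# Turn YYYY-MM-DD into the integer YYYYMMDD so levels compare numerically.
spl_to_int() {
    y=${1%%-*}; rest=${1#*-}
    echo "$y${rest%%-*}${rest#*-}"
}

# classify_spl LEVEL: print PATCHED, VULNERABLE or UNKNOWN.
classify_spl() {
    level=$(printf '%s' "$1" | tr -d '\r ')   # adb output can end in CR
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;   # empty or malformed: cannot be judged
    esac
    if [ "$(spl_to_int "$level")" -lt "$(spl_to_int "$REQUIRED_SPL")" ]; then
        echo VULNERABLE
    else
        echo PATCHED
    fi
}

# audit_inventory: read "serial patch_level" lines on stdin and print one
# verdict per device. UNKNOWN is reported, never assumed safe.
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        echo "$serial $(classify_spl "$level")"
    done
}

# Live device (needs adb and an authorised device):
#   classify_spl "$(adb shell getprop ro.build.version.security_patch)"

# Constructed inventory; serials and levels are made up for illustration.
SAMPLE_INVENTORY='DEVICE-A 2017-01-05
DEVICE-B 2017-02-01
DEVICE-C 2016-12-01
DEVICE-D
DEVICE-E 2017-03-01'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Devices reported as UNKNOWN returned no usable patch level and need a manual check of the build before they are treated as updated.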

 

References: 

Google:

https://source.android.com/security/bulletin/2017-02-01.html

 

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9914

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5552

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8414

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8418

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8419

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8420

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8421

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8476

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8480

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8481

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10044

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0405

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0406

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0407

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0408

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0409

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0410

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0411

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0412

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0413

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0414

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0415

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0416

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0417

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0418

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0419

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0420

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0421

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0422

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0423

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0424

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0425

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0426

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0427

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0428

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0429

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0430

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0431

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0432

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0433

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0434

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0435

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0436

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0437

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0438

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0439

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0440

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0441

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0442

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0443

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0444

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0445

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0446

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0447

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0448

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0449

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0450

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0451