Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

ITS Advisory Number: 2016-169
Date(s) Issued: Wednesday, October 5, 2016
Subject: Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Overview: 

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices including, but not limited to, smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of these vulnerabilities could result in remote code execution in the context of the application, an attacker gaining elevated privileges, information disclosure, or bypassing security restrictions.

Systems Affected: 
  • Android OS builds utilizing Security Patch Levels prior to the Security Patch Level published on October 05, 2016.
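
One way to triage a fleet against the criterion above, as an added example that is not part of the advisory: Android reports its patch level in the `ro.build.version.security_patch` system property, and any value earlier than the level named here counts as affected. The function names, serials and sample inventory are constructed for illustration, and the commented collection loop assumes `adb` access to the devices.

```shell
#!/bin/sh
# Added example: triage devices against the patch level named in this advisory.
FIXED_LEVEL="2016-10-05"   # "Systems Affected": levels prior to this are affected

# patch_status LEVEL: prints "patched", "vulnerable" or "unknown".
patch_status() {
    # adb output can carry a trailing carriage return; drop it before parsing.
    level=$(printf '%s' "$1" | tr -d '\r')
    # Accept only YYYY-MM-DD. Builds that do not expose the property return an
    # empty string, which must be reported as unknown rather than as patched.
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # With the dashes removed, ISO dates compare correctly as integers.
    have=$(printf '%s' "$level" | tr -d '-')
    need=$(printf '%s' "$FIXED_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo patched; else echo vulnerable; fi
}

# audit_inventory: reads "serial<TAB>level" lines on stdin, prints "serial status".
audit_inventory() {
    tab=$(printf '\t')
    while IFS=$tab read -r serial level; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(patch_status "$level")"
    done
}

# Live collection (assumes adb is installed and the devices are authorised):
#   for s in $(adb devices | awk 'NR>1 && $2=="device"{print $1}'); do
#       printf '%s\t%s\n' "$s" \
#           "$(adb -s "$s" shell getprop ro.build.version.security_patch)"
#   done | audit_inventory

# Constructed sample inventory (serials and levels are made up for the example).
sample_inventory() {
    printf 'EMU0001\t2016-10-05\n'
    printf 'EMU0002\t2016-09-06\r\n'
    printf 'EMU0003\t\n'
    printf 'EMU0004\t2016-10-01\n'
}

sample_inventory | audit_inventory
```

Devices reported as `unknown` need manual review, since a missing or malformed patch level says nothing about whether the fixes are present.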

RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

Google's Android OS is prone to multiple vulnerabilities, the most severe of which could allow for remote code execution. The vulnerabilities are as follows: 

  • Elevation of privilege vulnerability in ServiceManager (CVE-2016-3900).

  • Elevation of privilege vulnerability in Lock Settings Service (CVE-2016-3908).

  • Elevation of privilege vulnerability in Mediaserver (CVE-2016-3909, CVE-2016-3910, CVE-2016-3913).

  • Elevation of privilege vulnerability in Zygote process (CVE-2016-3911).

  • Elevation of privilege vulnerability in framework APIs (CVE-2016-3912).

  • Elevation of privilege vulnerability in Telephony (CVE-2016-3914).

  • Elevation of privilege vulnerability in Camera service (CVE-2016-3915, CVE-2016-3916).

  • Elevation of privilege vulnerability in fingerprint login (CVE-2016-3917).

  • Information disclosure vulnerability in AOSP Mail (CVE-2016-3918).

  • Denial of service vulnerability in Wi-Fi (CVE-2016-3882).

  • Denial of service vulnerability in GPS (CVE-2016-5348).

  • Denial of service vulnerability in Mediaserver (CVE-2016-3920).

  • Elevation of privilege vulnerability in Framework Listener (CVE-2016-3921).

  • Elevation of privilege vulnerability in Telephony (CVE-2016-3922).

  • Elevation of privilege vulnerability in Accessibility services (CVE-2016-3923).

  • Information disclosure vulnerability in Mediaserver (CVE-2016-3924).

  • Denial of service vulnerability in Wi-Fi (CVE-2016-3925).

  • Remote code execution vulnerability in kernel ASN.1 decoder (CVE-2016-0758).

  • Remote code execution vulnerability in kernel networking subsystem (CVE-2016-7117).

  • Elevation of privilege vulnerability in MediaTek video driver (CVE-2016-3928).

  • Elevation of privilege vulnerability in kernel shared memory driver (CVE-2016-5340).

  • Vulnerabilities in Qualcomm components (CVE-2016-3926, CVE-2016-3927, CVE-2016-3929).

  • Elevation of privilege vulnerability in Qualcomm networking component (CVE-2016-2059).

  • Elevation of privilege vulnerability in NVIDIA MMC test driver (CVE-2016-3930).

  • Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver (CVE-2016-3931).

  • Elevation of privilege vulnerability in Mediaserver (CVE-2016-3932, CVE-2016-3933).

  • Elevation of privilege vulnerability in Qualcomm camera driver (CVE-2016-3903, CVE-2016-3934).

  • Elevation of privilege vulnerability in Qualcomm sound driver (CVE-2015-8951).

  • Elevation of privilege vulnerability in Qualcomm crypto engine driver (CVE-2016-3901, CVE-2016-3935).

  • Elevation of privilege vulnerability in MediaTek video driver (CVE-2016-3936, CVE-2016-3937).

  • Elevation of privilege vulnerability in Qualcomm video driver (CVE-2016-3938, CVE-2016-3939).

  • Elevation of privilege vulnerability in Synaptics touchscreen driver (CVE-2016-3940, CVE-2016-6672).

  • Elevation of privilege vulnerability in NVIDIA camera driver (CVE-2016-6673).

  • Elevation of privilege vulnerability in system_server (CVE-2016-6674).

  • Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (CVE-2016-3905, CVE-2016-6675, CVE-2016-6676, CVE-2016-5342).

  • Elevation of privilege vulnerability in kernel performance subsystem (CVE-2015-8955).

  • Information disclosure vulnerability in kernel ION subsystem (CVE-2015-8950).

  • Information disclosure vulnerability in NVIDIA GPU driver (CVE-2016-6677).

  • Elevation of privilege vulnerability in Qualcomm character driver (CVE-2015-0572).

  • Information disclosure vulnerability in Qualcomm sound driver (CVE-2016-3860).

  • Information disclosure vulnerability in Motorola USBNet driver (CVE-2016-6678).

  • Information disclosure vulnerability in Qualcomm components (CVE-2016-6679, CVE-2016-3902, CVE-2016-6680, CVE-2016-6681, CVE-2016-6682).

  • Information disclosure vulnerability in kernel components (CVE-2016-6683, CVE-2016-6684, CVE-2015-8956, CVE-2016-6685).

  • Information disclosure vulnerability in NVIDIA profiler (CVE-2016-6686, CVE-2016-6687, CVE-2016-6688).

  • Information disclosure vulnerability in kernel (CVE-2016-6689).

  • Denial of service vulnerability in kernel networking subsystem (CVE-2016-5696).

  • Denial of service vulnerability in kernel sound driver (CVE-2016-6690).

  • Vulnerabilities in Qualcomm components (CVE-2016-6691, CVE-2016-6692, CVE-2016-6693, CVE-2016-6694, CVE-2016-6695, CVE-2016-6696, CVE-2016-5344, CVE-2016-5343).

Successful exploitation of these vulnerabilities could result in remote code execution in the context of the application, an attacker gaining elevated privileges, information disclosure, or bypassing security restrictions.

Actions: 
  • After appropriate testing, apply updates provided by Google Android or mobile carriers to vulnerable systems.

  • Remind users to download apps only from trusted vendors in the Play Store.

  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

References: 

Google:

https://source.android.com/security/bulletin/2016-10-01.html

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-0572

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8950

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8951

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8955

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8956

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0758

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2059

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3860

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3882

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3900

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3901

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3902

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3903

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3905

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3908

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3909  

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3910

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3911

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3912

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3913

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3914

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3915

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3916

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3917

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3918

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3920

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3921

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3922

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3923

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3924

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3925

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3926

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3927

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3928

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3929

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3930

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3931

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3932

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3933

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3934

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3935

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3936

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3937

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3938

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3939

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3940

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5340

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5342

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5343

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5344

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5348

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5696

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6672

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6673

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6674

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6675

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6676

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6677

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6678

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6679

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6680

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6681

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6682

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6683

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6684

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6685

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6686

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6687

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6688

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6689

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6690

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6691

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6692

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6693

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6694

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6695

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6696

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7117