Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

ITS Advisory Number: 2016-189
Date(s) Issued: Tuesday, November 8, 2016
Subject: Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Overview: 

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices including, but not limited to, smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of these vulnerabilities could result in remote code execution in the context of the application, an attacker gaining elevated privileges, information disclosure, or bypassing security restrictions.

Systems Affected: 
  • Android OS builds utilizing Security Patch Levels prior to the Security Patch Level published on November 6, 2016.
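
One way to apply this criterion to a device inventory (an added example, not part of the original advisory): the script below flags devices whose patch level is earlier than the one named above. It assumes the patch level is recorded as YYYY-MM-DD, the form shown in Settings and in the `ro.build.version.security_patch` system property; the `device_id,patch_level` export format and the sample rows are constructed for illustration.

```python
import re
from datetime import date

# Threshold taken from this advisory: builds with an earlier patch level are affected.
FIXED_PATCH_LEVEL = date(2016, 11, 6)

_SPL_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_patch_level(value):
    """Return a date for a YYYY-MM-DD patch level, or None if absent or malformed."""
    match = _SPL_RE.match((value or "").strip())
    if not match:
        return None
    try:
        return date(*map(int, match.groups()))
    except ValueError:  # well-formed digits but not a real calendar date
        return None


def classify(value):
    """Classify one patch level string as 'affected', 'patched' or 'unknown'."""
    spl = parse_patch_level(value)
    if spl is None:
        return "unknown"  # no usable patch level: verify the device manually
    return "affected" if spl < FIXED_PATCH_LEVEL else "patched"


def triage(inventory_text):
    """Group device ids by status from 'device_id,patch_level' lines."""
    result = {"affected": [], "patched": [], "unknown": []}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        device_id, _, spl = line.partition(",")
        result[classify(spl)].append(device_id.strip())
    return result


# Constructed sample inventory (hypothetical device ids and export format).
SAMPLE = """\
# device_id,patch_level
tablet-01,2016-10-05
phone-02,2016-11-06
phone-03,2016-11-01
watch-04,
phone-05,2016-12-01
phone-06,2016-13-40
"""

if __name__ == "__main__":
    for status, ids in triage(SAMPLE).items():
        print(f"{status}: {', '.join(ids)}")
```

Devices reported as "unknown" have no parseable patch level and should be checked by hand rather than assumed patched.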

Risk:

Government:
  • Large and medium government entities: High
  • Small government entities: High

Business:
  • Large and medium business entities: High
  • Small business entities: High

Home Users: High

Description: 

Google's Android OS is prone to multiple vulnerabilities, the most severe of which could allow for remote code execution. The vulnerabilities are as follows:

  • Remote code execution vulnerability in Mediaserver. (CVE-2016-6699)

  • Elevation of privilege vulnerability in libzipfile. (CVE-2016-6700)

  • Remote code execution vulnerability in Skia. (CVE-2016-6701)

  • Remote code execution vulnerability in libjpeg. (CVE-2016-6702)

  • Remote code execution vulnerability in Android runtime. (CVE-2016-6703)

  • Elevation of privilege vulnerability in Mediaserver. (CVE-2016-6704, CVE-2016-6705, CVE-2016-6706)

  • Elevation of privilege vulnerability in System Server. (CVE-2016-6707)

  • Elevation of privilege vulnerability in System UI. (CVE-2016-6708)

  • Information disclosure vulnerability in Conscrypt and BoringSSL. (CVE-2016-6709)

  • Information disclosure vulnerability in download manager. (CVE-2016-6710)

  • Denial of service vulnerability in Bluetooth. (CVE-2014-9908)

  • Denial of service vulnerability in OpenJDK. (CVE-2015-0410)

  • Denial of service vulnerability in Mediaserver. (CVE-2016-6711, CVE-2016-6712, CVE-2016-6713, CVE-2016-6714)

  • Elevation of privilege vulnerability in Framework APIs. (CVE-2016-6715)

  • Elevation of privilege vulnerability in AOSP Launcher. (CVE-2016-6716)

  • Elevation of privilege vulnerability in Mediaserver. (CVE-2016-6717)

  • Elevation of privilege vulnerability in Account Manager Service. (CVE-2016-6718)

  • Elevation of privilege vulnerability in Bluetooth. (CVE-2016-6719)

  • Information disclosure vulnerability in Mediaserver. (CVE-2016-6720, CVE-2016-6721, CVE-2016-6722)

  • Denial of service vulnerability in Proxy Auto Config. (CVE-2016-6723)

  • Denial of service vulnerability in Input Manager Service. (CVE-2016-6724)

  • Remote code execution vulnerability in Qualcomm crypto driver. (CVE-2016-6725)

  • Elevation of privilege vulnerability in kernel file system. (CVE-2015-8961, CVE-2016-7910, CVE-2016-7911)

  • Elevation of privilege vulnerability in kernel SCSI driver. (CVE-2015-8962)

  • Elevation of privilege vulnerability in kernel media driver. (CVE-2016-7913)

  • Elevation of privilege vulnerability in kernel USB driver. (CVE-2016-7912)

  • Elevation of privilege vulnerability in kernel ION subsystem. (CVE-2016-6728)

  • Elevation of privilege vulnerability in Qualcomm bootloader. (CVE-2016-6729)

  • Elevation of privilege vulnerability in NVIDIA GPU driver. (CVE-2016-6730, CVE-2016-6731, CVE-2016-6732, CVE-2016-6733, CVE-2016-6734, CVE-2016-6735, CVE-2016-6736)

  • Elevation of privilege vulnerability in kernel networking subsystem. (CVE-2016-6828)

  • Elevation of privilege vulnerability in kernel sound subsystem. (CVE-2016-2184)

  • Elevation of privilege vulnerability in kernel ION subsystem. (CVE-2016-6737)

  • Vulnerabilities in Qualcomm components. (CVE-2016-6726, CVE-2016-6727)

  • Remote code execution vulnerability in Expat. (CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2015-1283)

  • Remote code execution vulnerability in Webview. (CVE-2016-6754)

  • Remote code execution vulnerability in Freetype. (CVE-2014-9675)

  • Elevation of privilege vulnerability in kernel performance subsystem. (CVE-2015-8963)

  • Elevation of privilege vulnerability in kernel system-call auditing subsystem. (CVE-2016-6136)

  • Elevation of privilege vulnerability in Qualcomm crypto engine driver. (CVE-2016-6738)

  • Elevation of privilege vulnerability in Qualcomm camera driver. (CVE-2016-6739, CVE-2016-6740, CVE-2016-6741)

  • Elevation of privilege vulnerability in Qualcomm bus driver. (CVE-2016-3904)

  • Elevation of privilege vulnerability in Synaptics touchscreen driver. (CVE-2016-6742, CVE-2016-6744, CVE-2016-6745, CVE-2016-6743)

  • Information disclosure vulnerability in kernel components. (CVE-2015-8964, CVE-2016-7914, CVE-2016-7915, CVE-2016-7916)

  • Information disclosure vulnerability in NVIDIA GPU driver. (CVE-2016-6746)

  • Denial of service vulnerability in Mediaserver. (CVE-2016-6747)

  • Information disclosure vulnerability in kernel components. (CVE-2016-6753, CVE-2016-7917)

  • Information disclosure vulnerability in Qualcomm components. (CVE-2016-6748, CVE-2016-6749, CVE-2016-6750, CVE-2016-3906, CVE-2016-3907, CVE-2016-6698, CVE-2016-6751, CVE-2016-6752)

  • Elevation of privilege vulnerability in kernel memory subsystem. (CVE-2016-5195)

Successful exploitation of these vulnerabilities could result in remote code execution in the context of the application, an attacker gaining elevated privileges, information disclosure, denial of service, or bypassing security restrictions.

Actions: 
  • After appropriate testing, apply patches provided by Google Android or mobile carriers to the vulnerable systems.

  • Remind users to download apps only from trusted vendors in the Play Store.

  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

References: 

Google:

https://source.android.com/security/bulletin/2016-11-01.html

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9908

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8961

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8962

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8963

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8964

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2184

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3904

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3906

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3907

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6136

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6698

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6699

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6700

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6701

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6702

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6703

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6704

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6705

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6706

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6707

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6708

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6709

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6710

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6711

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6712

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6713

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6714

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6715

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6716

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6717

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6718

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6719

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6720

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6721

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6722

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6723

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6724

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6725

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6726

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6727

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6728

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6729

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6730

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6731

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6732

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6733

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6734

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6735

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6736

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6737

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6738

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6739

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6740

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6741

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6742

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6743

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6744

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6745

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6746

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6747

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6748

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6749

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6750

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6751

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6752

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6753

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6754

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6828

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7910

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7911

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7912

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7913

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7914

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7915

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7916

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7917