tagline: Confidence in the Connected World
CIS Logo
HomeResourcesAdvisoriesMultiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2017-051

DATE(S) ISSUED:

06/05/2017

OVERVIEW:

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
HIGH

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in the Google Android OS, the most severe of which could allow for remote code execution. These vulnerabilities are as follows:

  • Multiple vulnerabilities in Qualcomm closed-source components. (CVE-2014-9960, CVE-2014-9961, CVE-2014-9953, CVE-2014-9967, CVE-2015-9026, CVE-2015-9027, CVE-2015-9008, CVE-2015-9009, CVE-2015-9010, CVE-2015-9011, CVE-2015-9024, CVE-2015-9012, CVE-2015-9013, CVE-2015-9014, CVE-2015-9015, CVE-2015-9029, CVE-2016-10338, CVE-2016-10336, CVE-2016-10333, CVE-2016-10341, CVE-2016-10335, CVE-2016-10340, CVE-2016-10334, CVE-2016-10339, CVE-2016-10298, CVE-2016-10299, CVE-2014-9954, CVE-2014-9955, CVE-2014-9956, CVE-2014-9957, CVE-2014-9958, CVE-2014-9962, CVE-2014-9963, CVE-2014-9959, CVE-2014-9964, CVE-2014-9965, CVE-2014-9966, CVE-2015-9023, CVE-2015-9020, CVE-2015-9021, CVE-2015-9025, CVE-2015-9022, CVE-2015-9028, CVE-2015-9031, CVE-2015-9032, CVE-2015-9033, CVE-2015-9030, CVE-2016-10332, CVE-2016-10337, CVE-2016-10342)
  • Multiple remote code execution vulnerabilities in Libraries. (CVE-2015-8871, CVE-2016-4658, CVE-2016-5131, CVE-2016-8332, CVE-2017-0663, CVE-2017-5056, CVE-2017-7375, CVE-2017-7376)
  • A remote code execution vulnerability in Media Framework. (CVE-2017-0637)
  • A remote code execution vulnerability in System UI. (CVE-2017-0638)
  • A remote code execution vulnerability in Qualcomm components. (CVE-2017-7371)
  • Multiple elevation of privilege vulnerabilities in Qualcomm components. (CVE-2016-5861, CVE-2016-5864, CVE-2017-6421, CVE-2017-7364, CVE-2017-7365, CVE-2017-7366, CVE-2017-7367, CVE-2017-7368, CVE-2017-7369, CVE-2017-7370, CVE-2017-7372, CVE-2017-7373, CVE-2017-8233, CVE-2017-8234, CVE-2017-8235, CVE-2017-8236, CVE-2017-8237, CVE-2017-8242)
  • Multiple elevation of privilege vulnerabilities in MediaTek components. (CVE-2017-0636, CVE-2017-0649)
  • An elevation of privilege vulnerability in Synaptics components. (CVE-2017-0650)
  • Multiple elevation of privilege vulnerabilities in nVidia components. (CVE-2017-6247, CVE-2017-6248)
  • An elevation of privilege vulnerability in Bluetooth. (CVE-2017-6045)
  • An elevation of privilege vulnerability in Kernel components. (CVE-2017-0648)
  • Multiple information disclosure vulnerabilities in Qualcomm components. (CVE-2017-8239, CVE-2017-8240, CVE-2017-8241)
  • Multiple information disclosure vulnerabilities in Bluetooth. (CVE-2017-0639, CVE-2017-0646)
  • An information disclosure vulnerability in Kernel components. (CVE-2017-0651)
  • Multiple information disclosure vulnerabilities in Libraries. (CVE-2017-0647, CVE-2015-7995)
  • Multiple denial of service vulnerabilities in Media Framework. (CVE-2017-0391, CVE-2017-0640, CVE-2017-0641, CVE-2017-0642, CVE-2017-0643, CVE-2017-0644)
  • A denial of service vulnerability in Libraries. (CVE-2016-1839)

Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.
  • Remind users to download apps only from trusted vendors in the Play Store.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.

REFERENCES:

CVE::
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9953 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9954 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9955 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9956 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9957 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9958 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9959 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9960 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9961 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9962 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9963 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9964 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9965 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9966 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9967 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8871 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9008 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9009 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9010 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9011 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9012 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9013 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9014 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9015 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9020 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9021 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9022 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9023 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9024 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9025 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9026 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9027 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9028 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9029 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9030 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9031 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9032 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9033 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10298 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10299 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10332 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10333 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10334 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10335 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10336 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10337 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10338 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10339 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10340 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10341 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10342 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5861 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5864 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8332 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0391 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0636 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0637 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0638 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0639 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0640 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0641 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0642 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0643 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0644 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0645 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0646 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0647 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0648 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0649 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0650 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0651 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5056 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6247 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6248 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6421 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7364 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7365 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7366 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7367 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7368 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7369 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7370 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7371 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7372 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7373 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8233 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8234 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8235 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8236 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8237 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8239 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8240 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8241 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8242

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Protect Your Systems from Cyber Threats Like This

CIS Controls That Help Avoid This Issue Arrow CIS Control 3: Secure Configurations for Hardware and Software Arrow CIS Control 4: Continuous Vulnerability Assessment and Remediation

Information Hub: Advisories



Pencil Benchmark 17 Aug 2017

Pencil Blog post 14 Aug 2017

Pencil Blog post 11 Aug 2017