
Multiple Vulnerabilities in Google Android Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2016-022

DATE(S) ISSUED:

02/02/2016

OVERVIEW:

Multiple vulnerabilities have been discovered in Google Android, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices including, but not limited to, phones, tablets, and watches. Successful exploitation of these issues can allow an attacker to bypass security restrictions, perform unauthorized actions, obtain sensitive information, bypass same-origin policy restrictions to access data, and execute remote code in the context of the affected application.

THREAT INTELLIGENCE:

There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Android versions prior to 6.0

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users: HIGH

TECHNICAL SUMMARY:

Google's Android OS is prone to multiple vulnerabilities, the most severe of which could allow for remote code execution. The vulnerabilities are as follows:

Multiple remote code execution vulnerabilities in the ‘Broadcom Wi-Fi’ driver when it processes specially crafted wireless control message packets. (CVE-2016-0801, CVE-2016-0802)

Multiple remote code execution and memory corruption vulnerabilities in the ‘Mediaserver’ service when it processes a specially crafted file. (CVE-2016-0803, CVE-2016-0804)

An elevation of privilege vulnerability in ‘Qualcomm Performance Module’ that could allow for a local malicious application to execute arbitrary code within the kernel. (CVE-2016-0805)

An elevation of privilege vulnerability in ‘Qualcomm Wifi Driver’ that could allow for a local malicious application to execute arbitrary code within the context of the kernel. (CVE-2016-0806)

An elevation of privilege vulnerability in the ‘Debuggerd’ component that could enable a local malicious application to execute arbitrary code within the device root context. (CVE-2016-0807)

A denial of service vulnerability in the ‘Minikin’ library that could allow for a local attacker to temporarily block access to an affected device. (CVE-2016-0808)

An elevation of privilege vulnerability in the Wi-Fi component that could enable a local malicious application to execute arbitrary code within the System context. (CVE-2016-0809)

An elevation of privilege vulnerability in mediaserver that could enable a local malicious application to execute arbitrary code within the context of an elevated system application. (CVE-2016-0810)

An information disclosure vulnerability in ‘libmediaplayerservice’ that could allow for a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. (CVE-2016-0811)

An elevation of privilege vulnerability in ‘Setup Wizard’ that could allow for a malicious attacker to bypass the Factory Reset Protection and gain access to the device. (CVE-2016-0812, CVE-2016-0813)

Successful exploitation of these issues can allow an attacker to bypass security restrictions, perform unauthorized actions, obtain sensitive information, bypass same-origin policy restrictions to access data, and execute remote code in the context of the affected application.

RECOMMENDATIONS:

We recommend the following actions be taken:

Android users should patch their devices immediately after receiving the update notification from their network carrier.

Try contacting your network carrier to determine when a patch will be available, and to urge them to patch as soon as possible.

Remind users to download apps only from trusted vendors in the Play Store.

Run all software as a non-privileged/non-rooted user to diminish the effects of a successful attack.
