tagline: Confidence in the Connected World
CIS Logo
HomeResourcesAdvisoriesMultiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2017-070

DATE(S) ISSUED:

08/08/2017

OVERVIEW:

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
HIGH

TECHNICAL SUMMARY:

Google Android OS is prone to multiple vulnerabilities, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

  • An arbitrary code execution vulnerability exist in Framework. (CVE-2017-0712)
  • An arbitrary code execution vulnerability exist in Libraries. (CVE-2017-0713)
  • Multiple arbitrary code execution vulnerabilities exist in Media framework (CVE-2017-0714, CVE-2017-0715, CVE-2017-0716, CVE-2017-0718, CVE-2017-0719, CVE-2017-0720, CVE-2017-0721, CVE-2017-0722, CVE-2017-0723, CVE-2017-0745, CVE-2017-0724, CVE-2017-0725, CVE-2017-0726, CVE-2017-0727, CVE-2017-0728, CVE-2017-0729, CVE-2017-0730, CVE-2017-0731, CVE-2017-0732, CVE-2017-0733, CVE-2017-0734, CVE-2017-0735, CVE-2017-0736, CVE-2017-0737, CVE-2017-0738, CVE-2017-0739)
  • An arbitrary code execution vulnerability in Broadcom components. (CVE-2017-0740)
  • Multiple arbitrary code execution vulnerabilities exist in Kernel components. (CVE-2017-10661, CVE-2017-0750, CVE-2017-10662, CVE-2017-10663, CVE-2017-0749)
  • Multiple arbitrary code execution vulnerabilities exist in MediaTek components. (CVE-2017-0741, CVE-2017-0742)
  • Multiple arbitrary code execution vulnerabilities exist in Qualcomm components. (CVE-2017-0746, CVE-2017-0747, CVE-2017-9678, CVE-2017-9691, CVE-2017-9684, CVE-2017-9682)
  • Multiple unspecified vulnerabilities exist in Google device updates. (CVE-2017-0744, CVE-2017-9679, CVE-2017-9680, CVE-2017-0748, CVE-2017-9681, CVE-2017-9693, CVE-2017-9694, CVE-2017-0751, CVE-2017-9692)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.
  • Remind users to only download apps only from trusted vendors in the Play Store.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.

REFERENCES:

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0712 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0714 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0716 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0718 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0719 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0720 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0721 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0722 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0723 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0724 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0725 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0727 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0730 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0731 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0733 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0734 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0735 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-07317 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0747 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0748 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0749 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0750 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0751 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9678 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9679 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9680 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9681 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9682 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9684 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9692 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9693 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9694 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10661 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10662 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10663

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Protect Your Systems from Cyber Threats Like This

CIS Control That Helps Avoid This Issue Arrow CIS Control 3: Secure Configurations for Hardware and Software

Information Hub: Advisories



Pencil Benchmark 17 Aug 2017

Pencil Blog post 14 Aug 2017

Pencil Blog post 11 Aug 2017