CIS Logo
tagline: Confidence in the Connected World

Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2017-079

DATE(S) ISSUED:

09/05/2017

OVERVIEW:

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

**September 14 - UPDATED OVERVIEW
Additional vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Android OS builds utilizing Security Patch Levels issued prior to September 5, 2017

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
HIGH

TECHNICAL SUMMARY:

Google Android OS is prone to multiple vulnerabilities, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

  • Multiple arbitrary code execution vulnerabilities in Libraries. (CVE-2017-0753, CVE-2017-6983)
  • Multiple arbitrary code execution vulnerabilities in Media Framework. (CVE-2017-0756, CVE-2017-0757, CVE-2017-0758, CVE-2017-0759, CVE-2017-0760, CVE-2017-0761, CVE-2017-0762, CVE-2017-0763, CVE-2017-0764, CVE-2017-0765, CVE-2017-0766)
  • An elevation of privilege vulnerability in Libraries. (CVE-2017-0755)
  • An elevation of privilege vulnerability in Framework. (CVE-2017-0752)
  • Multiple elevation of privilege vulnerabilities in Media Framework. (CVE-2017-0767, CVE-2017-0768, CVE-2017-0769, CVE-2017-0770)
  • Multiple denial-of-services vulnerabilities in Media Framework. (CVE-2017-0771, CVE-2017-0772, CVE-2017-0773, CVE-2017-0774, CVE-2017-0775, CVE-2017-0776, CVE-2017-0777, CVE-2017-0778, CVE-2017-0779)
  • A denial-of-service vulnerability in Runtime. (CVE-2017-0780)
  • An elevation of privilege in System. (CVE-2017-0784)
  • An arbitrary code execution vulnerability in Broadcom components. (CVE-2017-7065)
  • Multiple elevation of privilege vulnerabilities in Broadcom components. (CVE-2017-0786, CVE-2017-0787, CVE-2017-0788, CVE-2017-0789, CVE-2017-0790, CVE-2017-0791)
  • An information disclosure vulnerability in Broadcom components. (CVE-2017-0792)
  • An information disclosure vulnerability in Imgtk components. (CVE-2017-0793)
  • A remote code execution vulnerability in Kernel components. (CVE-2017-8890)
  • Multiple elevation of privilege vulnerabilities in Kernel components. (CVE-2017-9076, CVE-2017-7487, CVE-2017-6346, CVE-2017-12146, CVE-2017-0794)
  • Multiple information disclosure vulnerabilities in Kernel components. (CVE-2017-9150, CVE-2017-5897, CVE-2017-7495, CVE-2017-7616)
  • Multiple escalation of privilege vulnerabilities in MediaTek components. (CVE-2017-0795, CVE-2017-0796, CVE-2017-0797, CVE-2017-0798, CVE-2017-0799, CVE-2017-0800, CVE-2017-0801, CVE-2017-0802, CVE-2017-0803, CVE-2017-0804)
  • A remote code execution vulnerability in Qualcomm components. (CVE-2017-11041)
  • Multiple information disclosure vulnerabilities in Qualcomm components. (CVE-2017-10996, CVE-2017-11001, CVE-2017-11002, CVE-2017-9676, CVE-2017-8281, CVE-2017-11040)
  • Multiple elevation of privilege vulnerabilities in Qualcomm components. (CVE-2017-9725, CVE-2017-9724, CVE-2017-8278, CVE-2017-10999, CVE-2017-8250, CVE-2017-9677, CVE-2017-10998, CVE-2017-8280, CVE-2017-8251, CVE-2017-10997, CVE-2017-11000, CVE-2017-8247, CVE-2017-9720, CVE-2017-8277)

***September 14 - UPDATED TECHNICAL SUMMARY:
Google Android OS is prone to additional vulnerabilities, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

  • Multiple arbitrary code execution vulnerabilities in System. (CVE-2017-0781, CVE-2017-0782)
  • Multiple information disclosure vulnerabilities in System. (CVE-2017-0783, CVE-2017-0785)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the application. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.
  • Remind users to only download applications from trusted vendors in the Play Store.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.

REFERENCES:

CVE::
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0755 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0756 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0757 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0758 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0759 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0760 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0761 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0762 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0763 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0764 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0765 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0766 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0767 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0768 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0769 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0770 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0771 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0772 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0773 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0774 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0775 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0776 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0777 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0778 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0779 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0780 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0784 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0786 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0790 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0791 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0792 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0793 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0795 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0796 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0797 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0799 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0800 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0801 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0803 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0804 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5897 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6214 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6346 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6983 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7065 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7487 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7495 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7616 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8247 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8250 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8251 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8277 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8278 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8280 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8281 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9150 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9676 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9677 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9720 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9724 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9725 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10996 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10997 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10998 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10999 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11000 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11001 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11002 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11040 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11041 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12146

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Protect Your Systems from Cyber Threats Like This

CIS Control That Helps Avoid This Issue Arrow CIS Control 3: Continuous Vulnerability Assessment and Remediation