tagline: Confidence in the Connected World
CIS Logo
HomeResourcesAdvisoriesMultiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2017-061

DATE(S) ISSUED:

07/07/2017

OVERVIEW:

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Android OS builds utilizing Security Patch Levels prior to July 5, 2017

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
HIGH

TECHNICAL SUMMARY:

Google Android OS is prone to multiple vulnerabilities, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

  • An arbitrary code execution vulnerability in Runtime. (CVE-2017-3544)
  • Multiple arbitrary code execution vulnerabilities in Framework. (CVE-2017-0664, CVE-2017-0665, CVE-2017-0666, CVE-2017-0667, CVE-2017-0668, CVE-2017-0669, CVE-2017-0670)
  • Multiple arbitrary code execution vulnerabilities in Libraries. (CVE-2017-0671, CVE-2016-2109, CVE-2017-0672)
  • Multiple arbitrary code execution vulnerabilities in Media Framework. (CVE-2017-0540, CVE-2017-0673, CVE-2017-0674, CVE-2017-0675, CVE-2017-0676, CVE-2017-0677, CVE-2017-0678, CVE-2017-0679, CVE-2017-0680, CVE-2017-0681, CVE-2017-0682, CVE-2017-0683, CVE-2017-0684, CVE-2017-0685, CVE-2017-0686, CVE-2017-0688, CVE-2017-0689, CVE-2017-0690, CVE-2017-0691 ,CVE-2017-0692, CVE-2017-0693, CVE-2017-0694, CVE-2017-0695, CVE-2017-0696, CVE-2017-0697, CVE-2017-0698, CVE-2017-0699)
  • Multiple arbitrary code execution vulnerabilities in System UI. (CVE-2017-0700, CVE-2017-0701, CVE-2017-0702, CVE-2017-0703, CVE-2017-0704)
  • Multiple arbitrary code execution vulnerabilities in Broadcom Components. (CVE-2017-9417, CVE-2017-0705, CVE-2017-0706)
  • Multiple arbitrary code execution vulnerabilities in HTC Components. (CVE-2017-0707, CVE-2017-0708, CVE-2017-0709)
  • Multiple Arbitrary code execution in Kernel Components. (CVE-2017-6074, CVE-2017-5970, CVE-2015-5707, CVE-2017-0710, CVE-2017-7308, CVE-2014-9731)
  • An arbitrary code execution vulnerability in MediaTek Components. (CVE-2017-0711)
  • Multiple arbitrary code execution vulnerabilities in NVIDIA Components. (CVE-2017-0340, CVE-2017-0326)
  • Multiple arbitrary code execution vulnerabilities in Qualcomm Components. (CVE-2017-8255, CVE-2016-10389, CVE-2017-8253, CVE-2017-8262, CVE-2017-8263, CVE-2017-8267, CVE-2017-8273, CVE-2016-5863, CVE-2017-8243, CVE-2017-8246, CVE-2017-8256, CVE-2017-8257, CVE-2017-8259, CVE-2017-8260 CVE-2017-8261, CVE-2017-8264, CVE-2017-8265, CVE-2017-8266, CVE-2017-8268, CVE-2017-8270, CVE-2017-8271, CVE-2017-8272, CVE-2017-8254, CVE-2017-8258, CVE-2017-8269)
  • Multiple arbitrary code execution vulnerabilities in Qualcomm Closed-Source Components. (CVE-2014-9411, CVE-2014-9968, CVE-2014-9973, CVE-2014-9974, CVE-2014-9975, CVE-2014-9977, CVE-2014-9978, CVE-2014-9979, CVE-2014-9980, CVE-2015-0575, CVE-2015-8592, CVE-2015-8595, CVE-2015-8596, CVE-2015-9034, CVE-2015-9035, CVE-2015-9036, CVE-2015-9037, CVE-2015-9038, CVE-2015-9039, CVE-2015-9040, CVE-2015-9041, CVE-2015-9042, CVE-2015-9043, CVE-2015-9044, CVE-2015-9045, CVE-2015-9046, CVE-2015-9047, CVE-2015-9048, CVE-2015-9049, CVE-2015-9050, CVE-2015-9051, CVE-2015-9052, CVE-2015-9053, CVE-2015-9054, CVE-2015-9055, CVE-2015-9060, CVE-2015-9061, CVE-2015-9062, CVE-2015-9067, CVE-2015-9068, CVE-2015-9069, CVE-2015-9070, CVE-2015-9071, CVE-2015-9072, CVE-2015-9073, CVE-2016-10343, CVE-2016-10344, CVE-2016-10346, CVE-2016-10347, CVE-2016-10382, CVE-2016-10383, CVE-2016-10388, CVE-2016-10391, CVE-2016-5871, CVE-2016-5872)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.
  • Remind users to download apps only from trusted vendors in the Play Store.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.

REFERENCES:

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9411 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9731 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9968 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9973 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9974 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9975 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9977 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9978 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9979 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9980 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0575 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5707 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8592 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8595 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8596 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9034 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9035 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9036 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9037 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9038 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9039 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9040 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9041 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9042 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9043 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9044 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9045 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9047 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9049 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9050 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9051 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9054 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9055 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9060 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9061 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9062 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9067 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9068 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9069 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9070 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9071 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9072 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9073 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5863 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5871 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5872 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10343 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10344 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10346 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10347 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10382 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10388 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10389 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10391 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0340 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0326 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0540 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0673 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0674 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0675 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0676 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0677 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0678 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0679 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0680 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0681 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0682 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0683 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0684 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0685 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0686 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0688 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0689 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0690 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0692 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0693 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0694 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0695 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0697 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0698 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0699 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0666 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0667 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0668 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0669 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0670 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0671 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0672 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0700 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0701 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0706 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0707 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0708 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0709 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0710 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0711 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3544 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5970 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7308 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8255 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8253 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8262 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8263 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8267 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8243 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8246 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8256 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8257 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8259 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8260 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8261 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8264 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8265 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8266 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8268 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8270 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8271 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8272 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8254 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8269 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9417

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Protect Your Systems from Cyber Threats Like This

CIS Controls That Help Avoid This Issue Arrow CIS Control 3: Secure Configurations for Hardware and Software Arrow CIS Control 4: Continuous Vulnerability Assessment and Remediation CIS Benchmark and Other Tools for Related Technology Arrow Google Android