Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2017-043

DATE(S) ISSUED:

05/03/2017

OVERVIEW:

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Android OS builds utilizing Security Patch Levels prior to May 1, 2017

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
  • HIGH

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in the Google Android OS, the most severe of which could allow for remote code execution. The vulnerabilities are as follows:

  • Multiple remote code execution vulnerabilities in Mediaserver (CVE-2017-0587, CVE-2017-0588, CVE-2017-0589, CVE-2017-0590, CVE-2017-0591, CVE-2017-0592)
  • An elevation of privilege vulnerability in Framework APIs (CVE-2017-0593)
  • Multiple elevation of privilege vulnerabilities in Mediaserver (CVE-2017-0594, CVE-2017-0595, CVE-2017-0596)
  • An elevation of privilege vulnerability in Audioserver (CVE-2017-0597)
  • An information disclosure vulnerability in Framework APIs (CVE-2017-0598)
  • Multiple denial of service vulnerabilities in Mediaserver (CVE-2017-0599, CVE-2017-0600, CVE-2017-0603, CVE-2017-0635)
  • An elevation of privilege vulnerability in Bluetooth (CVE-2017-0601)
  • An elevation of privilege vulnerability in File-Based Encryption (CVE-2017-0493)
  • An information disclosure vulnerability in Bluetooth (CVE-2017-0602)
  • An information disclosure vulnerability in OpenSSL & BoringSSL (CVE-2016-7056)
  • A remote code execution vulnerability in GIFLIB (CVE-2015-7555)
  • An elevation of privilege vulnerability in MediaTek touchscreen driver (CVE-2016-10724)
  • Multiple elevation of privilege vulnerabilities in Qualcomm bootloader (CVE-2016-10275, CVE-2016-10276)
  • An elevation of privilege vulnerability in kernel sound subsystem (CVE-2016-9794)
  • An elevation of privilege vulnerability in Motorola bootloader (CVE-2016-10277)
  • An elevation of privilege vulnerability in NVIDIA video driver (CVE-2017-0331)
  • An elevation of privilege vulnerability in Qualcomm power driver (CVE-2017-0604)
  • An elevation of privilege vulnerability in kernel trace subsystem (CVE-2017-0605)
  • Multiple vulnerabilities in Qualcomm components (CVE-2016-10240, CVE-2016-10241, CVE-2016-10278, CVE-2016-10279, CVE-2014-9923, CVE-2014-9924, CVE-2014-9925, CVE-2014-9926, CVE-2014-9927, CVE-2014-9928, CVE-2014-9929, CVE-2014-9930, CVE-2015-9005, CVE-2015-9006, CVE-2015-9007, CVE-2016-10297, CVE-2014-9941, CVE-2014-9942, CVE-2014-9943, CVE-2014-9944, CVE-2014-9945, CVE-2014-9946, CVE-2014-9947, CVE-2014-9948, CVE-2014-9949, CVE-2014-9950, CVE-2014-9951, CVE-2014-9952)
  • A remote code execution vulnerability in libxml2 (CVE-2016-5131)
  • Multiple elevation of privilege vulnerabilities in MediaTek thermal driver (CVE-2016-10280, CVE-2016-10281, CVE-2016-10282)
  • An elevation of privilege vulnerability in Qualcomm Wi-Fi driver (CVE-2016-10283)
  • Multiple elevation of privilege vulnerabilities in Qualcomm video driver (CVE-2016-10284, CVE-2016-10285, CVE-2016-10286)
  • An elevation of privilege vulnerability in kernel performance subsystem (CVE-2015-9004)
  • Multiple elevation of privilege vulnerabilities in Qualcomm sound driver (CVE-2016-10287, CVE-2017-0606, CVE-2016-5860, CVE-2016-5867, CVE-2017-0607, CVE-2017-0608, CVE-2017-0609, CVE-2016-5859, CVE-2017-0610, CVE-2017-0611, CVE-2016-5853)
  • An elevation of privilege vulnerability in Qualcomm LED driver (CVE-2016-10288)
  • An elevation of privilege vulnerability in Qualcomm crypto driver (CVE-2016-10289)
  • An elevation of privilege vulnerability in Qualcomm shared memory driver (CVE-2016-10290)
  • An elevation of privilege vulnerability in Qualcomm Slimbus driver (CVE-2016-10291)
  • An elevation of privilege vulnerability in Qualcomm ADSPRPC driver (CVE-2017-0465)
  • Multiple elevation of privilege vulnerabilities in Qualcomm Secure Execution Environment Communicator driver (CVE-2017-0612, CVE-2017-0613, CVE-2017-0614)
  • An elevation of privilege vulnerability in MediaTek power driver (CVE-2017-0615)
  • An elevation of privilege vulnerability in MediaTek system management interrupt driver (CVE-2017-0616)
  • An elevation of privilege vulnerability in MediaTek video driver (CVE-2017-0617)
  • An elevation of privilege vulnerability in MediaTek command queue driver (CVE-2017-0618)
  • An elevation of privilege vulnerability in Qualcomm pin controller driver (CVE-2017-0619)
  • An elevation of privilege vulnerability in Qualcomm Secure Channel Manager Driver (CVE-2017-0620)
  • An elevation of privilege vulnerability in Qualcomm sound codec driver (CVE-2016-5862)
  • An elevation of privilege vulnerability in kernel voltage regulator driver (CVE-2014-9940)
  • An elevation of privilege vulnerability in Qualcomm camera driver (CVE-2017-0621)
  • An elevation of privilege vulnerability in Qualcomm networking driver (CVE-2016-5868)
  • An elevation of privilege vulnerability in kernel networking subsystem (CVE-2017-7184)
  • An elevation of privilege vulnerability in Goodix touchscreen driver (CVE-2017-0622)
  • An elevation of privilege vulnerability in HTC bootloader (CVE-2017-0623)
  • An information disclosure vulnerability in Qualcomm Wi-Fi driver (CVE-2017-0624)
  • An information disclosure vulnerability in MediaTek command queue driver (CVE-2017-0625)
  • An information disclosure vulnerability in Qualcomm crypto engine driver (CVE-2017-0626)
  • A denial of service vulnerability in Qualcomm Wi-Fi driver (CVE-2016-10292)
  • An information disclosure vulnerability in kernel UVC driver (CVE-2017-0627)
  • An information disclosure vulnerability in Qualcomm video driver (CVE-2016-10293)
  • An information disclosure vulnerability in Qualcomm power driver (device specific) (CVE-2016-10294)
  • An information disclosure vulnerability in Qualcomm LED driver (CVE-2016-10295)
  • An information disclosure vulnerability in Qualcomm shared memory driver (CVE-2016-10296)
  • Multiple information disclosure vulnerabilities in Qualcomm camera driver (CVE-2017-0628, CVE-2017-0629, CVE-2017-0631)
  • An information disclosure vulnerability in kernel trace subsystem (CVE-2017-0630)
  • Multiple information disclosure vulnerabilities in Qualcomm sound codec driver (CVE-2016-5858, CVE-2017-0632)
  • An information disclosure vulnerability in Qualcomm sound driver (CVE-2016-5347)
  • Multiple information disclosure vulnerabilities in Qualcomm SPCom driver (CVE-2016-5854, CVE-2016-5855)
  • An information disclosure vulnerability in Broadcom Wi-Fi driver (CVE-2017-0633)
  • An information disclosure vulnerability in Synaptics touchscreen driver (CVE-2017-0634)

Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.
  • Remind users to download apps only from trusted vendors in the Play Store.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
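
One way to triage a device inventory against the Security Patch Level threshold given under SYSTEMS AFFECTED, as an added example that is not part of the original advisory. It assumes patch levels were collected beforehand (for example with `adb shell getprop ro.build.version.security_patch`); the serials and the helper names `classify_patch_level` and `audit_inventory` are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare collected Android security patch levels with the
# threshold stated in this advisory. On a live device the value comes from:
#   adb -s <serial> shell getprop ro.build.version.security_patch
FIXED_LEVEL="2017-05-01"   # builds prior to this level are listed as affected

# classify_patch_level LEVEL -> prints VULNERABLE, PATCHED or UNKNOWN
classify_patch_level() {
    # adb output usually ends in CR/LF; strip all whitespace first.
    level=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;   # property absent or malformed value
    esac
    # Zero-padded ISO dates compare correctly as integers without the dashes.
    have=$(printf '%s' "$level" | sed 's/-//g')
    need=$(printf '%s' "$FIXED_LEVEL" | sed 's/-//g')
    if [ "$have" -lt "$need" ]; then echo VULNERABLE; else echo PATCHED; fi
}

# audit_inventory: read "serial,patch_level" lines on stdin, print
# "serial status" per device, and return non-zero if any device is
# VULNERABLE or UNKNOWN so the result can gate a compliance job.
audit_inventory() {
    rc=0
    while IFS=, read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$level")
        printf '%s %s\n' "$serial" "$status"
        [ "$status" = PATCHED ] || rc=1
    done
    return $rc
}

# Constructed sample inventory (not real devices).
audit_inventory <<'EOF' || echo "some devices need updating or manual review"
EMU0001,2017-05-01
EMU0002,2017-04-05
EMU0003,
EMU0004,2017-06-05
EMU0005,May 2017
EOF
```

Devices reported as UNKNOWN expose no parseable patch level and need manual review rather than being assumed patched.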

REFERENCES:

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9923 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9924 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9925 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9926 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9927 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9928 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9929 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9930 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9941 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9942 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9943 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9944 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9945 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9946 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9947 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9948 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9949 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9950 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9951 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9952 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7555 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9004 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9005 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9006 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9007 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10240 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10241 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10275 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10276 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10277 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10278 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10279 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10280 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10281 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10282 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10283 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10284 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10285 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10286 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10287 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10288 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10289 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10290 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10291 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10292 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10293 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10294 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10295 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10296 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10297 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10724 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5347 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5853 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5854 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5855 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5858 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5859 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5860 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5862 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5867 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5868 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9794 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0331 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0465 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0493 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0587 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0588 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0589 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0590 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0591 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0592 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0593 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0594 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0595 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0596 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0599 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0600 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0601 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0602 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0603 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0604 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0605 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0606 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0607 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0608 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0609 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0610 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0611 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0612 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0613 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0614 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0615 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0616 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0617 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0618 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0619 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0620 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0621 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0622 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0623 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0624 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0625 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0626 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0627 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0628 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0629 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0630 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0631 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0632 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0633 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0635 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7184
