Google’s July Android Security Bulletin contains the largest number of critical vulnerabilities we’ve seen this year, so even though Google claims there are no reports of active exploitations of these vulnerabilities at this time, users should make sure they update as soon as the update is made available to them.
The report contains 20 critical vulnerabilities in 9 different components. Here is a quick summary of the most prominent issues:
Remote code execution vulnerabilities:
- An OpenSSL and BoringSSL bug allows attackers to manipulate x509 certificates to cause potentially exploitable memory corruption.
- Associated CVE: CVE-2016-2108
- Vulnerabilities exist in Mediaserver that can be exploited by attackers using specially crafted media files, possibly leading to code execution in the Mediaserver process. Exploitable media files may be served using interfaces such as web pages and MMS messages.
Device driver and kernel vulnerabilities:
- Newly discovered vulnerabilities exist in Qualcomm drivers, including the GPU and the Qualcomm performance component.
- There are vulnerabilities in MediaTek drivers that seem to only affect older Android models, such as the Android One.
- Kernel component vulnerabilities include the following.
Note that a big percentage of the vulnerabilities identified in this bulletin are drivers, and driver vulnerabilities only affect users with the corresponding hardware.
Updates continue to spread to more device models, including Nexus and many from Samsung. Skycure can identify exploited devices on your enterprise and help you to track the update process of the devices in your organization.