Google reported 8 critical severity vulnerabilities in their June Android Security Bulletin. Although Google reports that it hasn’t seen any active exploitation of these issues on its protection services or in SafetyNet, attackers are likely to put effort into exploiting these vulnerabilities, and it’s good to be aware of them.
Google has addressed these issues directly by releasing a security update to Nexus devices through an over-the-air (OTA) update and also releasing firmware images to the Google Developer site. Partners were also notified about the issues described here last month, including source code patches where applicable.
Here are a few of the more prominent issues that were reported:
Privilege Escalation Vulnerabilities:
- A wide variety of vulnerabilities in Qualcomm drivers (present in the majority of Android devices) allow local malicious applications using basic services, such as video, sound and Wi-Fi, to obtain unauthorized high privileges, which would allow (among other things) rooting of the device.
Remote Code Execution Vulnerabilities:
- A new vulnerability in Mediaserver has a critical severity rating due to the high permissions of the mediaserver process. This vulnerability is likely to be exploited using media files which may be served using interfaces such as web pages and MMS messages.
- Associated CVE: CVE-2016-2463
- Another, non-critical vulnerability affects the processing of media files and is likely to be exploited through files served with remote content. Likely exploits would leverage MMS and browser playback of media files.
- Associated CVE: CVE-2016-2464
Skycure can identify exploited devices in your enterprise and will help you track the update process of devices in your organization. For example, we have already seen updates being rolled out to Nexus devices, Samsung Galaxy (S5, S6, S7 and Note 4), OnePlus and others.