The search engine giant Google has patched around 107 security vulnerabilities in its Linux-based mobile operating system, Android. In the “Android Security Bulletin- 2017”, Google announced that it has released an over-the-air (OTA) update. This update is for all Android-based devices, including Pixel and Nexus. Out of the 107 security vulnerabilities, Google has rated 35 as “Critical Vulnerabilities”. The company released a partial security patch level string on 1st March 2017 and a complete security patch level string on 5th March 2017.
Security Update of 1st March 2017
This was a partial security update in which Google patched 36 security vulnerabilities. Of these 36 flaws, 11 were critical, 15 were high severity, 9 were moderate and 1 was low severity.
11 Critical Security Vulnerabilities
All 11 critical flaws were RCE (Remote Code Execution) security issues. 9 of them were related to Mediaserver, 1 was related to EoP (Elevation of Privilege) and another one allowed attackers to exploit OpenSSL and BoringSSL. Attackers could exploit a Remote Code Execution flaw to remotely hijack an Android device.
15 High Severity Security Vulnerabilities
9 DoS (Denial of Service) Vulnerabilities in Mediaserver
3 RCE (Remote Code Execution) Vulnerabilities in Messaging, Libgdx, and Framesequence
2 EoP Vulnerabilities in EoP
9 Moderate and 1 Low-Level Security Vulnerability
5 Elevation of Privilege (EoP) Vulnerabilities in Wi-Fi, Location Manager, System UI, and Package Manager.
2 Information Disclosure Vulnerabilities in AOSP Messaging and Mediaserver
2 DoS Vulnerabilities in Mediaserver and Setup Wizard
1 Low-Level DoS Security Flaw in Audioserver
Security Update of 5th March 2017
Google patched 71 security vulnerabilities in this second security update, which was the complete security update. Of these 71 vulnerabilities, 24 were critical, 32 were high risk, 14 were moderate and 1 was low risk. The details are given below:
24 Critical Vulnerabilities
19 Elevation of Privilege (EoP) Vulnerabilities (5 in NVIDIA GPU Driver, 7 in MediaTek Components, 1 in Broadcom Wi-Fi Driver, 2 in Kernel ION subsystem, 1 in Qualcomm GPU driver, 1 in Broadcom Wi-Fi Driver, 1 in kernel networking subsystem and 1 in kernel FIQ debugger)
5 Security Vulnerabilities in various Qualcomm components.
32 High Severity Vulnerabilities
25 Elevation of Privilege (EoP) Vulnerabilities in Kernel Networking Subsystem, MediaTek Hardware Sensor Driver, Qualcomm Fingerprint Sensor Driver, Qualcomm Camera Driver, Qualcomm Wi-Fi Driver, Qualcomm IPA Driver, NVIDIA GPU Driver, Kernel Security Subsystem, Qualcomm input hardware driver, Qualcomm ADSPRPC driver, Qualcomm Crypto Engine Driver, MediaTek APK, Synaptics Touchscreen Driver, HTC Sensor Hub Driver, Qualcomm Networking Driver and Qualcomm SPCom Driver.
6 Information Disclosure vulnerabilities in MediaTek Driver, Qualcomm Power Driver, Kernel Networking Subsystem, Qualcomm bootloader and NVIDIA GPU driver.
1 DoS vulnerability in Kernel Cryptographic Subsystem.
14 Moderate Security Flaws
13 Information Disclosure security flaws in MediaTek Video Codec Driver, Qualcomm Camera Driver, Synaptics Touchscreen Driver, Qualcomm Wi-Fi Driver, Qualcomm Video Driver, HTC Sound Codec Driver and Kernel USB gadget driver.
1 EoP security flaw in Qualcomm camera driver.
1 Low-Level Security Vulnerability
It was an information disclosure vulnerability in the Qualcomm camera driver of all Android devices.
Google has released an OTA update for all Android-based devices (Nexus, Pixel, and Android One) to patch these security vulnerabilities. An over-the-air update needs no user interaction because the company can automatically install new updates on all devices. Stay tuned for more updates.