Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Android October Security Bulletin Fixes 78 Vulnerabilities

0
0

Google released on Monday, the Android October Security Bulletin, which this month addresses 78 security flaws, spread across two different patch levels.

These patch levels organize security flaws based on the components they affect, with the "2016-10-01 security patch level" affecting core Android services, drivers, and components that all smartphone vendors must address with high priority. The "2016-10-05 security patch level" only addresses issues in selected drivers and components that only some OEMs deploy with their Android versions, and smartphone vendors are required to implement only if they use those components.

The good news is that this month, Google engineers fixed only high and moderate level issues in core Android components, with no critical issues reported.

For this month, Google addresses 15 high severity issues and five moderate vulnerabilities in core Android components such as the Zygote core process, ServiceManager, the Lock Settings Service, the Mediaserver component, the Telephony component, the Camera service, the fingerprint login feature, and more.

Some kernel issues discovered, but they don't affect all Android versions

On the other hand, there were seven critical-level issues for Android drivers and vendor-specific components, with three affecting Qualcomm components, and the rest affecting the MediaTek video driver, the kernel ASN.1 decoder, the kernel networking subsystem, and the kernel shared memory driver.

While these issues are more severe, as stated above, they do not affect all Android smartphone vendors.

Android's own developers have discovered most of the issues, but independent security researchers have contributed with bug reports. Additionally, security firms such as Qihoo 360, Copperhead Security, Nightwatch Cybersecurity, Cheetah Mobile, Trend Micro, IBM X-Force, and C0RE Team have also filed bug reports.

As OEMs release new Android versions to mobile operators and their customers, more detailed bug reports will be published by security vendors in the upcoming days, detailing the vulnerabilities in more depth. If there's one that has a potential to do harm, we'll be covering it in a future article.

Issue CVE Severity Affects Nexus? 2016-10-01 security patch level Elevation of privilege vulnerability in ServiceManager CVE-2016-3900 High Yes Elevation of privilege vulnerability in Lock Settings Service CVE-2016-3908 High Yes Elevation of privilege vulnerability in Mediaserver CVE-2016-3909, CVE-2016-3910, CVE-2016-3913 High Yes Elevation of privilege vulnerability in Zygote process CVE-2016-3911 High Yes Elevation of privilege vulnerability in framework APIs CVE-2016-3912 High Yes Elevation of privilege vulnerability in Telephony CVE-2016-3914 High Yes Elevation of privilege vulnerability in Camera service CVE-2016-3915, CVE-2016-3916 High Yes Elevation of privilege vulnerability in fingerprint login CVE-2016-3917 High Yes Information disclosure vulnerability in AOSP Mail CVE-2016-3918 High Yes Denial of service vulnerability in Wi-Fi CVE-2016-3882 High Yes Denial of service vulnerability in GPS CVE-2016-5348 High Yes Denial of service vulnerability in Mediaserver CVE-2016-3920 High Yes Elevation of privilege vulnerability in Framework Listener CVE-2016-3921 Moderate Yes Elevation of privilege vulnerability in Telephony CVE-2016-3922 Moderate Yes Elevation of privilege vulnerability in Accessibility services CVE-2016-3923 Moderate Yes Information disclosure vulnerability in Mediaserver CVE-2016-3924 Moderate Yes Denial of service vulnerability in Wi-Fi CVE-2016-3925 Moderate Yes Issue CVE Severity Affects Nexus? 2016-10-05 security patch level Remote code execution vulnerability in kernel ASN.1 decoder CVE-2016-0758 Critical Yes Remote code execution vulnerability in kernel networking subsystem CVE-2016-7117 Critical Yes Elevation of privilege vulnerability in MediaTek video driver CVE-2016-3928 Critical No Elevation of privilege vulnerability in kernel shared memory driver CVE-2016-5340 Critical Yes Vulnerabilities in Qualcomm components CVE-2016-3926, CVE-2016-3927, CVE-2016-3929 Critical Yes Elevation of privilege vulnerability in Qualcomm networking component CVE-2016-2059 High Yes Elevation of privilege vulnerability in NVIDIA MMC test driver CVE-2016-3930 High Yes Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver CVE-2016-3931 High Yes Elevation of privilege vulnerability in Mediaserver CVE-2016-3932, CVE-2016-3933 High Yes Elevation of privilege vulnerability in Qualcomm camera driver CVE-2016-3903, CVE-2016-3934 High Yes Elevation of privilege vulnerability in Qualcomm sound driver CVE-2015-8951 High Yes Elevation of privilege vulnerability in Qualcomm crypto engine driver CVE-2016-3901, CVE-2016-3935 High No Elevation of privilege vulnerability in MediaTek video driver CVE-2016-3936, CVE-2016-3937 High Yes Elevation of privilege vulnerability in Qualcomm video driver CVE-2016-3938, CVE-2016-3939 High Yes Elevation of privilege vulnerability in Synaptics touchscreen driver CVE-2016-3940, CVE-2016-6672 High Yes Elevation of privilege vulnerability in NVIDIA camera driver CVE-2016-6673 High Yes Elevation of privilege vulnerability in system_server CVE-2016-6674 High Yes Elevation of privilege vulnerability in Qualcomm Wi-Fi driver CVE-2016-3905, CVE-2016-6675, CVE-2016-6676, CVE-2016-5342 High Yes Elevation of privilege vulnerability in kernel performance subsystem CVE-2015-8955 High Yes Information disclosure vulnerability in kernel ION subsystem CVE-2015-8950 High Yes Information disclosure vulnerability in NVIDIA GPU driver CVE-2016-6677 High Yes Elevation of privilege vulnerability in Qualcomm character driver CVE-2015-0572 Moderate Yes Information disclosure vulnerability in Qualcomm sound driver CVE-2016-3860 Moderate Yes Information disclosure vulnerability in Motorola USBNet driver CVE-2016-6678 Moderate Yes Information disclosure vulnerability in Qualcomm components CVE-2016-6679, CVE-2016-3902, CVE-2016-6680, CVE-2016-6681, CVE-2016-6682 Moderate Yes Information disclosure vulnerability in kernel components CVE-2016-6683, CVE-2016-6684, CVE-2015-8956, CVE-2016-6685 Moderate Yes Information disclosure vulnerability in NVIDIA profiler CVE-2016-6686, CVE-2016-6687, CVE-2016-6688 Moderate Yes Information disclosure vulnerability in kernel CVE-2016-6689 Moderate Yes Denial of service vulnerability in kernel networking subsystem CVE-2016-5696 Moderate Yes Denial of service vulnerability in kernel sound driver CVE-2016-6690 Low Yes Vulnerabilities in Qualcomm components CVE-2016-6691, CVE-2016-6692, CVE-2016-6693, CVE-2016-6694, CVE-2016-6695, CVE-2016-6696, CVE-2016-5344, CVE-2016-5343 High No

Viewing all articles
Browse latest Browse all 12749