Multiple Vulnerabilities in Google Android


DATE ISSUED:
07/07/2017

SUBJECT:
Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

OVERVIEW:
Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:
There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:
• Android OS builds utilizing Security Patch Levels prior to July 5, 2017

RISK:
Government:
• Large and medium government entities: High
• Small government entities: High
Businesses:
• Large and medium business entities: High
• Small business entities: High
Home users: High

TECHNICAL SUMMARY:
Google Android OS is prone to multiple vulnerabilities, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

• An arbitrary code execution vulnerability in Runtime. (CVE-2017-3544)
• Multiple arbitrary code execution vulnerabilities in Framework. (CVE-2017-0664, CVE-2017-0665, CVE-2017-0666, CVE-2017-0667, CVE-2017-0668, CVE-2017-0669, CVE-2017-0670)
• Multiple arbitrary code execution vulnerabilities in Libraries. (CVE-2017-0671, CVE-2016-2109, CVE-2017-0672)
• Multiple arbitrary code execution vulnerabilities in Media Framework. (CVE-2017-0540, CVE-2017-0673, CVE-2017-0674, CVE-2017-0675, CVE-2017-0676, CVE-2017-0677, CVE-2017-0678, CVE-2017-0679, CVE-2017-0680, CVE-2017-0681, CVE-2017-0682, CVE-2017-0683, CVE-2017-0684, CVE-2017-0685, CVE-2017-0686, CVE-2017-0688, CVE-2017-0689, CVE-2017-0690, CVE-2017-0691, CVE-2017-0692, CVE-2017-0693, CVE-2017-0694, CVE-2017-0695, CVE-2017-0696, CVE-2017-0697, CVE-2017-0698, CVE-2017-0699)
• Multiple arbitrary code execution vulnerabilities in System UI. (CVE-2017-0700, CVE-2017-0701, CVE-2017-0702, CVE-2017-0703, CVE-2017-0704)
• Multiple arbitrary code execution vulnerabilities in Broadcom Components. (CVE-2017-9417, CVE-2017-0705, CVE-2017-0706)
• Multiple arbitrary code execution vulnerabilities in HTC Components. (CVE-2017-0707, CVE-2017-0708, CVE-2017-0709)
• Multiple arbitrary code execution vulnerabilities in Kernel Components. (CVE-2017-6074, CVE-2017-5970, CVE-2015-5707, CVE-2017-0710, CVE-2017-7308, CVE-2014-9731)
• An arbitrary code execution vulnerability in MediaTek Components. (CVE-2017-0711)
• Multiple arbitrary code execution vulnerabilities in NVIDIA Components. (CVE-2017-0340, CVE-2017-0326)
• Multiple arbitrary code execution vulnerabilities in Qualcomm Components. (CVE-2017-8255, CVE-2016-10389, CVE-2017-8253, CVE-2017-8262, CVE-2017-8263, CVE-2017-8267, CVE-2017-8273, CVE-2016-5863, CVE-2017-8243, CVE-2017-8246, CVE-2017-8256, CVE-2017-8257, CVE-2017-8259, CVE-2017-8260, CVE-2017-8261, CVE-2017-8264, CVE-2017-8265, CVE-2017-8266, CVE-2017-8268, CVE-2017-8270, CVE-2017-8271, CVE-2017-8272, CVE-2017-8254, CVE-2017-8258, CVE-2017-8269)
• Multiple arbitrary code execution vulnerabilities in Qualcomm Closed-Source Components. (CVE-2014-9411, CVE-2014-9968, CVE-2014-9973, CVE-2014-9974, CVE-2014-9975, CVE-2014-9977, CVE-2014-9978, CVE-2014-9979, CVE-2014-9980, CVE-2015-0575, CVE-2015-8592, CVE-2015-8595, CVE-2015-8596, CVE-2015-9034, CVE-2015-9035, CVE-2015-9036, CVE-2015-9037, CVE-2015-9038, CVE-2015-9039, CVE-2015-9040, CVE-2015-9041, CVE-2015-9042, CVE-2015-9043, CVE-2015-9044, CVE-2015-9045, CVE-2015-9046, CVE-2015-9047, CVE-2015-9048, CVE-2015-9049, CVE-2015-9050, CVE-2015-9051, CVE-2015-9052, CVE-2015-9053, CVE-2015-9054, CVE-2015-9055, CVE-2015-9060, CVE-2015-9061, CVE-2015-9062, CVE-2015-9067, CVE-2015-9068, CVE-2015-9069, CVE-2015-9070, CVE-2015-9071, CVE-2015-9072, CVE-2015-9073, CVE-2016-10343, CVE-2016-10344, CVE-2016-10346, CVE-2016-10347, CVE-2016-10382, CVE-2016-10383, CVE-2016-10388, CVE-2016-10391, CVE-2016-5871, CVE-2016-5872)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:
We recommend the following actions be taken:
• Apply appropriate updates provided by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.
• Remind users to download apps only from trusted vendors in the Play Store.
• Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
• Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
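
To prioritize the first recommendation, the following added example (not part of the original advisory) flags devices whose Security Patch Level is earlier than the July 5, 2017 level named under SYSTEMS AFFECTED. Android reports the level as a YYYY-MM-DD string in the `ro.build.version.security_patch` property; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag devices below the advisory's fixed Security Patch Level.
FIXED_SPL="2017-07-05"   # cutoff taken from SYSTEMS AFFECTED in this advisory

# Classify one patch-level string as PATCHED, VULNERABLE or UNKNOWN.
patch_status() {
  case "$1" in
    [12][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]) ;;   # looks like YYYY-MM-DD
    *) echo UNKNOWN; return 0 ;;                   # empty or malformed value
  esac
  # Strip the dashes so the two dates compare as plain integers.
  if [ "$(printf %s "$1" | tr -d '-')" -lt "$(printf %s "$FIXED_SPL" | tr -d '-')" ]; then
    echo VULNERABLE
  else
    echo PATCHED
  fi
}

# Read "serial patch-level" lines on stdin; print only devices needing action.
audit_inventory() {
  while read -r serial spl; do
    case "$serial" in ''|'#'*) continue ;; esac    # skip blanks and comments
    status="$(patch_status "$spl")"
    [ "$status" = PATCHED ] || printf '%s\t%s\t%s\n' "$serial" "${spl:-none}" "$status"
  done
}

# Build the inventory from USB-attached devices (needs adb; not called here).
collect_from_adb() {
  adb devices | awk 'NR>1 && $2=="device" {print $1}' | while read -r serial; do
    # </dev/null stops adb from consuming the rest of the serial list on stdin.
    printf '%s %s\n' "$serial" \
      "$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')"
  done
}

# Constructed sample inventory (serials and patch levels are made up).
SAMPLE_INVENTORY='DEV-A 2017-07-05
DEV-B 2017-07-01
DEV-C 2017-06-05
DEV-D
DEV-E 2017-08-01'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Devices reported as UNKNOWN returned no usable patch level and should be reviewed by hand rather than assumed patched.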

REFERENCES:
Android:
https://source.android.com/security/bulletin/2017-07-01

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0670
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9417

24×7 Security Operations Center
Multi-State Information Sharing and Analysis Center (MS-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061
SOC@cisecurity.org – 1-866-787-4722
