Android Latest Security Updates, More Than 100 Vulnerabilities Patched by Google

The search engine giant “Google” has patched around 107 security vulnerabilities of its Linux-based mobile operating system “Android”. In “Android Security Bulletin- 2017”, google has announced that an on-the-air (OTA) update has been released by the company. This update is for all the android based devices including Pixel and Nexus. Out of 107 security vulnerabilities, 35 have been rated by Google as “Critical Vulnerabilities”. The search engine giant released a partial security patch level string on 1st March 2017 and a complete security patch level string on 5th March 2017.

Security Update of 1st March 2017

It was a partial security update and Google has patched 36 security vulnerabilities in this update. From these 36 security flaws, 11 were critical security flaws, 15 were high severity security flaws, 9 were moderate and 1 was the low level security flaw.

11 Critical Security Vulnerabilities

All the 11 critical flaws were RCE (Remote Code Execution) security issues. 9 of them were related to Mediaserver, 1 was related to EoP (Elevation of Privilege) and another one was allowing attackers to exploit OpenSSL and BoringSSL. The attackers could exploit a Remote Code Execution to remotely hijack any Android device.

15 High Severity Security Vulnerabilities

9 DoS (Denial of Service) Vulnerabilities in Mediaserver

3 RCE (Remote Code Execution) Vulnerabilities in Messaging, Libgdx, and Framesequence

2 EoP Vulnerabilities in EoP

9 Moderate and 1 Low-Level Security Vulnerability

5 Elevation of Privilege (EoP) Vulnerabilities in Wi-Fi, Location Manager, System UI, and Package Manager.

2 Information Disclosure Vulnerabilities in AOSP Messaging and Mediaserver

2 DoS Vulnerabilities in Mediaserver and Setup Wizard

1 Low-Level DoS Security Flaw in Audioserver

Security Update of 5th March 2017

Google has patched 71 security vulnerability in this second security update. It was a complete security update. Out of these 71 security vulnerabilities, 24 were critical, 32 were high-risk vulnerability, 14 were moderate and 1 was low-risk security vulnerabilities. The details are as given below:

24 Critical Vulnerabilities

19 Elevation of Privilege (EoP) Vulnerabilities ( 5 in NVIDIA GPU Driver, 7 in MediaTek Components, 1 in Broadcom Wi-Fi Driver, 2 in Kernel ION subsystem, 1 in Qualcomm GPU driver, 1 in Broadcom Wi-Fi Driver, 1 in-kernel networking subsystem and 1 in kernel FIQ debugger)

5 Security Vulnerabilities in various Qualcomm components.

32 High Severity Vulnerabilities

25 Elevation of Privilege (EoP) Vulnerabilities in Kernel Networking Subsystem, MediaTek Hardware Sensor Driver, Qualcomm Fingerprint Sensor Driver, Qualcomm Camera Driver, Qualcomm Wi-Fi Driver, Qualcomm IPA Driver, NVIDIA GPU Driver, Kernel Security Subsystem, Qualcomm input hardware driver, Qualcomm ADSPRPC driver, Qualcomm Crypto Engine Driver, MediaTek APK, Synaptics Touchscreen Driver, HTC Sensor Hub Driver, Qualcomm Networking Driver and Qualcomm SPCom Driver.

6 Information Disclosure vulnerabilities in MediaTek Driver, Qualcomm Power Driver, Kernel Networking Subsystem, Qualcomm bootloader, NVIDIA GPU driver.

1 DoS vulnerability in Kernel Cryptographic Subsystem.

14 Moderate Security Flaws

13 Information Disclosure security flaws in MediaTek Video Codec Driver, Qualcomm Camera Driver, Synaptics Touchscreen Driver, Qualcomm Wi-Fi Driver, Qualcomm Video Driver, HTC Sound Codec Driver and Kernel USB gadget driver.

1 EoP security flaw in Qualcomm camera driver.

1 Low-Level Security Vulnerability

It was an information disclosure vulnerability in Qualcomm camera driver of all android devices.

Conclusion:

The Google has released an OTA update for all the android based devices (Nexus, Pixel, and Android One) to patch these security vulnerabilities. An on-the-air update has no need of user interaction because the company can automatically install new updates on all devices. Stay tuned with us for more updates.

Also Read: