Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
threatpostTom SpringTHREATPOST:BCF6C41D0F09CB08AAE1465217B58B59
HistoryApr 03, 2018 - 4:01 p.m.

Google’s April Android Security Bulletin Warns of 9 Critical Bugs

2018-04-0316:01:37
Tom Spring
threatpost.com
14

0.001 Low

EPSS

Percentile

43.0%

JSON

Nine vulnerabilities rated critical were patched as part of Google’s Android Security Bulletin for April.

Critical vulnerabilities ranged from two remote code execution vulnerabilities tied to the Android media framework, to a Qualcomm Wi-Fi component flaw that allowed a nearby attacker to use “a specially crafted file to execute arbitrary code within the context of a privileged process.”

Google said firmware updates are available and will be delivered via over-the-air (OTA) updates to Google Pixel and Nexus devices. Updates to other Android devices will be sent via respective OEM device makers and wireless carriers, where applicable. For example, Samsung Mobile announced a maintenance release for its “major flagship models” that included eight Samsung patches being delivered OTA.

In all, Google’s April security update includes 28 fixes; nine rated critical and 19 rated high. Seven of the critical vulnerabilities were tied to the Android OS directly. Each Qualcomm and Broadcom component maker fixed a critical bug.

The Android operating system received the most attention, with Google fixing four remote code execution bugs and one critical elevation of privilege bug.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google wrote.

Common vulnerabilities and exposures (CVE) details of each of the bugs are not released until device makers have patched the affected systems.

Several Qualcomm components were patched as part of the April update, including chipset functions relating to Wi-Fi, binder, WLAN and audio drivers. A critical RCE Broadcom wireless bug (CVE-2017-13292) was also patched.

Google also released a separate April Pixel / Nexus Security Bulletin for its Pixel and Nexus devices that include the Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Nexus 5X, and Nexus 6P smartphones as well as the Pixel C tablet. Google said Android 8.1 Oreo factory images and OTAs are available for download.

Related

cvelist 1
nvd 1
cve 1
prion 1
android 1
threatpost 1
cvelist
cvelist
CVE-2017-13292
2018-04-02 00:00:00
nvd
nvd
CVE-2017-13292
2018-04-04 16:29:01
cve
cve
CVE-2017-13292
2018-04-04 16:29:01
prion
prion
Out-of-bounds
2018-04-04 16:29:00
android
android
CVE-2017-13292
2018-04-01 00:00:00
threatpost
threatpost
Samsung Patches Six Critical Bugs in Flagship Handsets
2018-05-14 18:04:02

0.001 Low

EPSS

Percentile

43.0%

JSON
Related for THREATPOST:BCF6C41D0F09CB08AAE1465217B58B59
cvelist1nvd1cve1prion1android1threatpost1