You've got a patch, you've got a patch ... almost every Android device has a patch

Driver bugs leave kit open to hijacking

It's the first Monday of the month, and that means another batch of patches for Android, fixing flaws that can be exploited by apps and webpages to hijack devices.

As usual, if you're not using a Google Nexus device, you're at the mercy of your manufacturer and phone carrier to approve and distribute these updates, which may take some time. Although Google Play Services on Android gadgets can install updates quietly in the background direct from Google, it can't reach the lowest levels of the operating system – which is precisely where these bugs lurk. Nexus devices get their updates straight from Google.

Of the eight critical flaws fixed this month, six are present in Qualcomm-powered phones and fondleslabs: two in each of its sound and GPU drivers, and one in each of the firm's video and Wi-Fi drivers. All six allow apps installed on the devices to enter kernel space and completely hijack the gadget to steal passwords and spy on victims.

If a handheld is infected with malware via one of these vulnerabilities, you'll need to do a complete wipe and reflash of the firmware to remove the software nasty.

The other two critical patches this month, as well as the bulk of lesser-severity patches, cover Android's Mediaserver and libwebm code. Specially crafted audio and video files viewed on a vulnerable device – imagine receiving an MMS text or viewing a web page booby-trapped with an evil video – can exploit these holes to execute malicious code with high privileges on the device.

Ten of the remaining 32 high- and moderate-severity flaw fixes also cover Qualcomm kit, with Broadcom's dodgy Wi-Fi drivers contributing another couple and Nvidia's camera driver also showing problems. These holes can be potentially abused by apps to gain extra permissions to snoop on owners or cause trouble.

Twelve of these lower-ranked flaws in Mediaserver cover malicious apps being able to gain Signature or SignatureOrSystem privileges on the device, as does one flaw in the SD card emulation layer of Android. This could allow a specially crafted app with the right system image certification to run code without asking the user first.

Google is well aware of the problems with its Mediaserver. The Chocolate Factory is addressing the problem in the forthcoming Android N by rewriting and siloing the operating system's media-handling components.

This month's security bugs are present in Android versions 4.4.4 (32.5 per cent of devices), 5.0.2 (16 per cent), 5.1.1 (19 per cent), 6.0 and 6.0.1 (7.5 per cent). Earlier builds are no longer supported. Although Google only lists which Nexus models are affected in its security advisory, other manufacturers' phones are also affected.

Android does feature various mechanisms – such as ASLR – to block the exploitation of security bugs, although they can be potentially sidestepped.

You can see the full list here. Get busy patching – if you can – because you can be sure miscreants will be finding new ways to exploit these programming cockups. ®

| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-2463 | Critical | Yes |
| Remote Code Execution Vulnerabilities in libwebm | CVE-2016-2464 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Video Driver | CVE-2016-2465 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Sound Driver | CVE-2016-2466, CVE-2016-2467 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm GPU Driver | CVE-2016-2468, CVE-2016-2062 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm WiFi Driver | CVE-2016-2474 | Critical | Yes |
| Elevation of Privilege Vulnerability in Broadcom WiFi Driver | CVE-2016-2475 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Sound Driver | CVE-2016-2066, CVE-2016-2469 | High | Yes |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-2476, CVE-2016-2477, CVE-2016-2478, CVE-2016-2479, CVE-2016-2480, CVE-2016-2481, CVE-2016-2482, CVE-2016-2483, CVE-2016-2484, CVE-2016-2485, CVE-2016-2486, CVE-2016-2487 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Camera Driver | CVE-2016-2061, CVE-2016-2488 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Video Driver | CVE-2016-2489 | High | Yes |
| Elevation of Privilege Vulnerability in NVIDIA Camera Driver | CVE-2016-2490, CVE-2016-2491 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm WiFi Driver | CVE-2016-2470, CVE-2016-2471, CVE-2016-2472, CVE-2016-2473 | High | Yes |
| Elevation of Privilege Vulnerability in MediaTek Power Management Driver | CVE-2016-2492 | High | Yes |
| Elevation of Privilege Vulnerability in SD Card Emulation Layer | CVE-2016-2494 | High | Yes |
| Elevation of Privilege Vulnerability in Broadcom WiFi Driver | CVE-2016-2493 | High | Yes |
| Remote Denial of Service Vulnerability in Mediaserver | CVE-2016-2495 | High | Yes |
| Elevation of Privilege Vulnerability in Framework UI | CVE-2016-2496 | Moderate | Yes |
| Information Disclosure Vulnerability in Qualcomm WiFi Driver | CVE-2016-2498 | Moderate | Yes |
| Information Disclosure Vulnerability in Mediaserver | CVE-2016-2499 | Moderate | Yes |
| Information Disclosure Vulnerability in Activity Manager | CVE-2016-2500 | Moderate | Yes |
