Google Fixes 74 Android Security Flaws with December Patches

Status
Not open for further replies.

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527

Google rolled out two security patches for Android devices earlier this month that address a total of 74 vulnerabilities in the operating system, including 11 that are rated as critical.

Specifically, Google’s December 2016 security patching cycle included two different releases, each of which came with fixes that were aimed at both Google and other Android devices.

The so-called 2016-12-01 security patch level includes 5 different fixes aimed at vulnerabilities flagged as “high” severity and 6 others for moderate issues. There are two different remote code execution flaw patches with CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, and CVE-2016-6768, two denial of service vulnerabilities, four elevation of privilege vulnerabilities, and two information disclosure holes.

It’s important to note that Android 7.0 or later is not affected by these vulnerabilities if it is already running the latest updates. On the other hand, the rest of the Android versions on the market, starting with 4.4 and ending with 6.0.1, are all targeted by these updates.

Then, there’s the 2016-12-05 security patch level, which comes with a bigger number of fixes. There are 58 patches included in this update, 11 of which are rated as critical, 33 as high, and 14 as medium severity risk.

Most of the vulnerabilities fixed with this update would allow for elevation of privilege, and Google says that both its own devices and other Android phones and tablets on the market were exposed. Once again, all versions of Android starting with 4.4.4 should install the patches as soon as possible.

Eagerly-awaited patches
Two important patches are CVE-2016-4794 and CVE-2016-5195, which fix the Dirty COW security bug discovered on Linux and also affecting Android, allowing attackers to root devices and get full root access to local data. Google rates the bug as critical and fixes the patch on all its devices, starting with Pixel C, Pixel, Pixel XL, Nexus 5X, and Nexus 6P.

“An elevation of privilege vulnerability in the kernel memory subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device,” Google says.

Canonical has already patched the flaw in supported Ubuntu versions, and following this month’s Google patch cycle, no devices should be left vulnerable.

Android devices getting the update receive just a single OTA patch which then displays the December 05, 2016 security patch level on the About information screen.
 

dJim

Level 5
Verified
Well-known
Mar 12, 2016
250
so u mean all android terminals from kit kat till 6.1 will get the update? or again this only for high end..
 
Reactions: SHvFl

dJim

Level 5
Verified
Well-known
Mar 12, 2016
250
hmm i still hate more the android policies, they are worse than windows lol.. u still can use windows 10 in a very old pc while android forces u to buy a new (not cheap) phone if u want the latest and to be "protected"
 

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
Here, according to the Belarc Security Advisor report, that's the normal situation for old devices.

Security vulnerabilities were detected on this device.

Samsung Gt-i9300
Android 4.3 Build JSS15J.I9300XXUGOE1

Security Advisor v1.0.27.1
Last scan: 08/dic/2016 17:08:03
Vulnerable software: 1
Total Vulnerabilities: 79

Vulnerable Software

Android OS / version 4.3
Vulnerabilities: 79
Severity: 52 High, 23 Moderate, 4 Low
 

woomera

Level 7
Verified
Jan 15, 2012
594
as an owner of a Nexus 6 I gotta say I'm disappointed they left our device out of the update loop (for now ofc) but still good to see these monthly updates from a security perspective.
 
Reactions: SHvFl

marzametal

Level 7
Verified
Jun 10, 2014
316
Hmmm, the first LineageOS build (7.1.1) for Samsung Galaxy S2 has Updates as of December 5th 2016... I wonder if it incorporated the above...
 
Reactions: SHvFl

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,345
Too almost all phones will not get these updates anytime soon and most will never get them.
 