Google’s May 2016 security update for the Android operating system patches a total of 40 vulnerabilities, including many rated critical and high severity.
The list of critical issues includes another round of remote code execution flaws in mediaserver, and privilege escalation vulnerabilities in the Android debugger, the Qualcomm TrustZone component, the Qualcomm Wi-Fi driver, the kernel, and the NVIDIA video driver.
The mediaserver flaws allow an attacker to remotely execute code within the context of the mediaserver service. The privilege escalation weaknesses allow a local malicious application to execute arbitrary code in the context of the Android debugger or the kernel.
The critical vulnerabilities have been assigned the following CVE identifiers: CVE-2016-2428, CVE-2016-2429, CVE-2016-2430, CVE-2016-2431, CVE-2016-2432, CVE-2015-0569, CVE-2015-0570, CVE-2016-2434, CVE-2016-2435, CVE-2016-2436, CVE-2016-2437 and CVE-2015-1805.
The high severity issues patched by Google with this month’s Android updates include remote code execution vulnerabilities in the kernel and Bluetooth, and privilege elevation flaws in various Qualcomm components, Wi-Fi, mediaserver, the MediaTek Wi-Fi driver, and Binder. An information disclosure vulnerability in the Qualcomm tethering controller and a remote denial-of-service (DoS) vulnerability in the Qualcomm hardware codec have also been classified as having high severity.
The CVE identifiers assigned to these flaws are CVE-2016-2438, CVE-2016-2060, CVE-2016-2439, CVE-2016-2440, CVE-2016-2441, CVE-2016-2442, CVE-2016-2443, CVE-2015-0571, CVE-2016-2444, CVE-2016-2445, CVE-2016-2446, CVE-2016-2447, CVE-2016-2448, CVE-2016-2449, CVE-2016-2450, CVE-2016-2451, CVE-2016-2452, CVE-2016-2453 and CVE-2016-2454.
The Android update also resolves several moderate severity issues, including privilege escalation and information disclosure vulnerabilities. Only one of the 40 flaws patched this month has been rated as low severity - a DoS bug affecting the kernel.
Read More:Google Patches 40 Vulnerabilities in Android | SecurityWeek.Com
The list of critical issues includes another round of remote code execution flaws in mediaserver, and privilege escalation vulnerabilities in the Android debugger, the Qualcomm TrustZone component, the Qualcomm Wi-Fi driver, the kernel, and the NVIDIA video driver.
The mediaserver flaws allow an attacker to remotely execute code within the context of the mediaserver service. The privilege escalation weaknesses allow a local malicious application to execute arbitrary code in the context of the Android debugger or the kernel.
The critical vulnerabilities have been assigned the following CVE identifiers: CVE-2016-2428, CVE-2016-2429, CVE-2016-2430, CVE-2016-2431, CVE-2016-2432, CVE-2015-0569, CVE-2015-0570, CVE-2016-2434, CVE-2016-2435, CVE-2016-2436, CVE-2016-2437 and CVE-2015-1805.
The high severity issues patched by Google with this month’s Android updates include remote code execution vulnerabilities in the kernel and Bluetooth, and privilege elevation flaws in various Qualcomm components, Wi-Fi, mediaserver, the MediaTek Wi-Fi driver, and Binder. An information disclosure vulnerability in the Qualcomm tethering controller and a remote denial-of-service (DoS) vulnerability in the Qualcomm hardware codec have also been classified as having high severity.
The CVE identifiers assigned to these flaws are CVE-2016-2438, CVE-2016-2060, CVE-2016-2439, CVE-2016-2440, CVE-2016-2441, CVE-2016-2442, CVE-2016-2443, CVE-2015-0571, CVE-2016-2444, CVE-2016-2445, CVE-2016-2446, CVE-2016-2447, CVE-2016-2448, CVE-2016-2449, CVE-2016-2450, CVE-2016-2451, CVE-2016-2452, CVE-2016-2453 and CVE-2016-2454.
The Android update also resolves several moderate severity issues, including privilege escalation and information disclosure vulnerabilities. Only one of the 40 flaws patched this month has been rated as low severity - a DoS bug affecting the kernel.
Read More:Google Patches 40 Vulnerabilities in Android | SecurityWeek.Com
