Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Mobile

    Google Patches Android Security Vulnerabilities in April Update

    By
    Sean Michael Kerner
    -
    April 6, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Android Security

      Google is out with its April 2017 Android security update, patching 102 different vulnerabilities in the mobile operating system. Of the vulnerabilities patched by Google this month, only 15 are rated as having critical impact.

      Not surprisingly, the mediasever component is once again being patched by Google. The Android mediasever has been patched in every Android security update issued by Google since August 2015. In the new April update, mediaserver accounts for 15 flaws in total, including six rated as critical, five as high and four with only moderate impact.

      “A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing,” Google’s advisory on the six critical mediaserver vulnerabilities states. “This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.”

      Flaws in the Android mediaserver first were publicly reported back in July 2015, with the initial Stagefright vulnerability that was discovered by Joshua Drake, vice president of Platform Research and Exploitation at Zimperium. Google has been patching mediaserver regularly and with the Android 7 ‘Nougat’ operating system update, made significant improvements to help limit mediaserverer related security risks. In a March 2017 interview with eWEEK, Adrian Ludwig, director of Android security at Google, explained that mediaserver issues will continue to be patched in Android, to further limit risks for both older and current versions of Android.

      “If the issue is potentially exploitable on any of the supported devices, then we make a patch available for all of them,” Ludwig said.

      Also of note in the April Android security update is a critical vulnerability identified as CVE-2017-0561, in Broadcom’s Wi-Fi firmware.

      “A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC (System on a Chip),” Google warns in its advisory.

      The Broadcom flaw was discovered by security researcher Gal Beniamini with Google’s Project Zero security research team and was first reported privately in December 2016. Beniamini is also credited with reporting four other related high impact privilege escalation flaws with Broadcom’s Wi-Fi driver (CVE-2017-0571, CVE-2017-0570, CVE-2017-0572, CVE-2017-0569) that were patched by Google in the Android April update.

      There is also a patch for an interesting privilege escalation flaw rated a critical, in the HTC touchscreen driver, identified as CVE-2017-0563.

      “An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel,” Google warns in its advisory. “This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device.”

      As has been the case in many recent Android updates, there is also a long list of vulnerabilities that are being patched in various Qualcomm components and drivers. In total, there are 41 different Qualcomm vulnerabilities patched in the April update, with 21 rated as critical, 12 as high and 8 at the moderate level.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Careers

      SThree’s Sunny Ackerman on Tech Hiring Trends

      James Maguire - June 9, 2022 0
      I spoke with Sunny Ackerman, President/Americas for tech recruiter SThree, about the tight labor market in the tech sector, and much needed efforts to...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×