SecurityTracker.com
Category:   OS (Other)  >   Google Android
Vendors:   Google
Google Android Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code and Let Local Apps Gain Elevated Privileges
SecurityTracker Alert ID:  1038623
SecurityTracker URL:  http://securitytracker.com/id/1038623
CVE Reference:   CVE-2014-9953, CVE-2014-9954, CVE-2014-9955, CVE-2014-9956, CVE-2014-9957, CVE-2014-9958, CVE-2014-9959, CVE-2014-9960, CVE-2014-9961, CVE-2014-9962, CVE-2014-9963, CVE-2014-9964, CVE-2014-9965, CVE-2014-9966, CVE-2014-9967, CVE-2015-7995, CVE-2015-8871, CVE-2015-9008, CVE-2015-9009, CVE-2015-9010, CVE-2015-9011, CVE-2015-9012, CVE-2015-9013, CVE-2015-9014, CVE-2015-9015, CVE-2015-9020, CVE-2015-9021, CVE-2015-9022, CVE-2015-9023, CVE-2015-9024, CVE-2015-9025, CVE-2015-9026, CVE-2015-9027, CVE-2015-9028, CVE-2015-9029, CVE-2015-9030, CVE-2015-9031, CVE-2015-9032, CVE-2015-9033, CVE-2016-10298, CVE-2016-10299, CVE-2016-10332, CVE-2016-10333, CVE-2016-10334, CVE-2016-10335, CVE-2016-10336, CVE-2016-10337, CVE-2016-10338, CVE-2016-10339, CVE-2016-10340, CVE-2016-10341, CVE-2016-10342, CVE-2016-1839, CVE-2016-4658, CVE-2016-5131, CVE-2016-5861, CVE-2016-5864, CVE-2016-8332, CVE-2017-0391, CVE-2017-0636, CVE-2017-0637, CVE-2017-0638, CVE-2017-0639, CVE-2017-0640, CVE-2017-0641, CVE-2017-0642, CVE-2017-0643, CVE-2017-0644, CVE-2017-0645, CVE-2017-0646, CVE-2017-0647, CVE-2017-0648, CVE-2017-0649, CVE-2017-0650, CVE-2017-0651, CVE-2017-0663, CVE-2017-5056, CVE-2017-6247, CVE-2017-6248, CVE-2017-6249, CVE-2017-6421, CVE-2017-7364, CVE-2017-7365, CVE-2017-7366, CVE-2017-7367, CVE-2017-7368, CVE-2017-7369, CVE-2017-7370, CVE-2017-7371, CVE-2017-7372, CVE-2017-7373, CVE-2017-7375, CVE-2017-7376, CVE-2017-8233, CVE-2017-8234, CVE-2017-8235, CVE-2017-8236, CVE-2017-8237, CVE-2017-8239, CVE-2017-8240, CVE-2017-8241, CVE-2017-8242
Date:  Jun 7 2017
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Google Android. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code or cause denial of service conditions on the target system.

A local application can gain elevated privileges on the target system.

A remote user can obtain potentially sensitive information on the target system.

Bluetooth is affected [CVE-2017-0639, CVE-2017-0645, CVE-2017-0646].

Various libraries are affected [CVE-2015-7995, CVE-2015-8871, CVE-2016-1839, CVE-2016-4658, CVE-2016-5131, CVE-2016-8332, CVE-2017-0647, CVE-2017-0663, CVE-2017-5056, CVE-2017-7375, CVE-2017-7376].

Media framework is affected [CVE-2017-0391, CVE-2017-0637, CVE-2017-0640, CVE-2017-0641, CVE-2017-0642, CVE-2017-0643, CVE-2017-0644].

System UI is affected [CVE-2017-0638].

Kernel components are affected [CVE-2017-0648, CVE-2017-0651].

MediaTek components are affected [CVE-2017-0636, CVE-2017-0649].

NVIDIA components are affected [CVE-2017-6247, CVE-2017-6248].

Qualcomm components are affected [CVE-2016-5861, CVE-2016-5864, CVE-2017-6421, CVE-2017-7364, CVE-2017-7365, CVE-2017-7366, CVE-2017-7367, CVE-2017-7368, CVE-2017-7369, CVE-2017-7370, CVE-2017-7371, CVE-2017-7372, CVE-2017-7373, CVE-2017-8233, CVE-2017-8234, CVE-2017-8235, CVE-2017-8236, CVE-2017-8237, CVE-2017-8239, CVE-2017-8240, CVE-2017-8241, CVE-2017-8242].

Synaptics components are affected [CVE-2017-0650].

Ecular Xu of Trend Micro, En He (@heeeeen4x) and Bo Liu of MS509Team, Gengjia Chen (@chengjia4574) and pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd., Godzheng (@VirtualSeekers) of Tencent PC Manager, Jake Corina and Nick Stephens of Shellphish Grill Team, Jianqiang Zhao (@jianqiangzhao) of IceSword Lab, Qihoo 360, Lubo Zhang (zlbzlb815@163.com), Yuan-Tsung Lo (computernik@gmail.com), and Xuxian Jiang of C0RE Team, Nathan Crandall (@natecray) of Tesla's Product Security Team, Omer Shwartz, Amir Cohen, Dr. Asaf Shabtai, and Dr. Yossi Oren of Ben Gurion University Cyber Lab, Roee Hay (@roeehay) of Aleph Research, HCL Technologies, sevenshen (@lingtongshen) of TrendMicro, Vasily Vasiliev, V.E.O (@VYSEa) of Mobile Threat Response Team, Trend Micro, Xiling Gong of Tencent Security Platform Department, Yangkang (@dnpushme) and Liyadong of Qex Team, Qihoo 360, Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd, and Zubin Mithra of Google reported these vulnerabilities.

Impact:   A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code or cause denial of service conditions on the target system.

A local application can gain elevated privileges on the target system.

A remote user can obtain potentially sensitive information on the target system.

Solution:   The vendor has issued a fix (security patch levels 2017-06-01 and 2017-06-05).

The vendor advisory is available at:

https://source.android.com/security/bulletin/2017-06-01

Vendor URL:  source.android.com/security/bulletin/2017-06-01
Cause:   Access control error, Boundary error, Input validation error

Message History:   None.



Copyright 2017, SecurityGlobal.net LLC