Google’s monthly security bulletin, outlining a number of vulnerabilities in the Android operating system and including patches, has just been published. This month has a notable 29 different vulnerabilities ranging from moderate to critical severity. The Nexus Player should be receiving a fix in the next couple of days, at least for those still on Android Marshmallow. It’s not clear when these will be rolling out to those on the Android N beta. In your settings, under about, users can check the month and year of the last security patch.
Remote Code Execution
A number of remote code vulnerabilities have been patched. This exploit occurs when an attacker overflows some internal memory buffer beyond a normal range. This overflowed rogue data can be placed into other areas of the system memory including the program controller. The controller may then stop executing normal system code and instead execute some commands supplied by the attacker. This can be mitigated in some cases by having a sandbox system, when executable code may only be run in particular conditions such as if a user grants a permission.
Remote code execution exploits have been discovered in several parts of the OS: the Dynamic Host Configuration Protocol (DHCP), MediaServer, and libstagefright. As these are key to the device, they have a higher privilege and greater access to internal systems. All three reports have been marked as being critical priority as it would be possible for an attacker to run this exploit on a phone in a number of apps which use the MediaServer or Stagefright (through most apps that show user-generated images or videos).
Similarly, breaking out of the sandbox model and running particular code can cause a device to become inoperable by the user. Elevation privilege exploits were reported in the kernel, download manager, several Qualcomm modules, MediaServer, System_server, setup wizard, Wi-Fi, and Telephony.
The remaining few reports include a denial of service vulnerability, when a user is unable to access a device or service, in the SyncStorageEngine and the Minikin library.