TTCSIRT-088.020818: TT-CSIRT Advisory – Android Security Updates

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution within the context of a privileged process. Details are as follows:

a) Multiple remote code execution vulnerabilities in Media Framework (CVE-2017-13228, CVE-2017-13230)

b) An information disclosure vulnerability in Media Framework (CVE-2017-13232)

c) An elevation of privilege vulnerability in Media Framework (CVE-2017-13231)

d) Multiple denial of service vulnerabilities in Media Framework (CVE-2017-13230, CVE-2017-13233, CVE-2017-13234)

e) An elevation of privilege vulnerability in System (CVE-2017-13236)

f) An information disclosure vulnerability in HTC components (CVE-2017-13238)

g) An elevation of privilege vulnerability in HTC components (CVE-2017-13247)

h) Multiple elevation of privilege vulnerabilities in Kernel components (CVE-2017-15265, CVE-2015-9016, CVE-2017-17770)

i) Multiple elevation of privilege vulnerabilities in NVIDIA components (CVE-2017-6279, CVE-2017-6258)

j) Multiple remote code execution vulnerabilities in Qualcomm components (CVE-2017-15817, CVE-2017-17760)

k) Multiple elevation of privilege vulnerabilities in Qualcomm components (CVE-2017-11041, CVE-2017-17767, CVE-2017-17765, CVE-2017-17762, CVE-2017-14884, CVE-2017-15829, CVE-2017-15820, CVE-2017-17764, CVE-2017-17761)

l) A vulnerability in the Qualcomm closed-source components (CVE-2017-14910)

Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution_2018-018/