Government of the Republic of Trinidad and Tobago
gov.tt

TTCSIRT-088.020818: TT-CSIRT Advisory – Android Security Updates

TTCSIRT-088.020818: TT-CSIRT Advisory – Android Security Updates

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution within the context of a privileged process. Details are as follows:

a) Multiple remote code execution vulnerabilities in Media Framework (CVE-2017-13228, CVE-2017-13230)

b) An information disclosure vulnerability in Media Framework (CVE-2017-13232)

c) An elevation of privilege vulnerability in Media Framework (CVE-2017-13231)

d) Multiple denial of service vulnerabilities in Media Framework (CVE-2017-13230, CVE-2017-13233, CVE-2017-13234)

e) An elevation of privilege vulnerability in System (CVE-2017-13236)

f) An information disclosure vulnerability in HTC components (CVE-2017-13238)

g) An elevation of privilege vulnerability in HTC components (CVE-2017-13247)

h) Multiple elevation of privilege vulnerabilities in Kernel components (CVE-2017-15265, CVE-2015-9016, CVE-2017-17770)

i) Multiple elevation of privilege vulnerabilities in NVIDIA components (CVE-2017-6279, CVE-2017-6258)

j) Multiple remote code execution vulnerabilities in Qualcomm components (CVE-2017-15817, CVE-2017-17760)

k) Multiple elevation of privilege vulnerabilities in Qualcomm components (CVE-2017-11041, CVE-2017-17767, CVE-2017-17765, CVE-2017-17762, CVE-2017-14884, CVE-2017-15829, CVE-2017-15820, CVE-2017-17764, CVE-2017-17761)

l) A vulnerability in the Qualcomm closed-source components (CVE-2017-14910)

Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution_2018-018/