Android June 2016 Security Bulletin: What you need to know

The Android Security Update for June 2016 includes a number of critical issues. Jack Wallen has the highlights, and shows how to find out if your device is up to date.

Another month has passed and, along with it, a new Android Security Bulletin arrived.

The Android Security Bulletin began in August 2015 as a monthly listing of security patches. The bulletin isn't merely a list; each month since it started, Google has released the listed fixes to the Android platform to keep the ecosystem as up to date and secure as possible.

The June 2016 security update should already be on your device. To check, go to Settings | About Phone and look for Android Security Patch Level (Figure A). You should see June 1, 2016 listed (anything earlier than that and your phone is out of date and, possibly, vulnerable).

Figure A
The security patch level on a Nextbit Robin.
Image: Jack Wallen
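
For more than one device, the same check can be scripted over adb instead of opening Settings on each phone. The script below is an added example, not part of the original article: it assumes adb is installed and USB debugging is enabled, reads the `ro.build.version.security_patch` system property, and uses hypothetical function names (`patch_status`, `audit_devices`).

```shell
#!/bin/sh
# Added example: compare Android security patch levels with the June 2016 bulletin.
REQUIRED="2016-06-01"   # patch level named in the article, in the property's YYYY-MM-DD form

# patch_status LEVEL -> prints "current", "outdated" or "unknown"
patch_status() {
    level=$1
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        # Empty (property not exposed by the build) or any other format
        *) echo unknown; return 0 ;;
    esac
    # ISO dates compare correctly as integers once the dashes are removed
    have=$(echo "$level" | tr -d '-')
    need=$(echo "$REQUIRED" | tr -d '-')
    if [ "$have" -ge "$need" ]; then
        echo current
    else
        echo outdated
    fi
}

# audit_devices: one line per attached device: serial, patch level, status.
# Defined but not called here, so the script runs without a device attached.
audit_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # adb output may end in a carriage return; strip it before comparing
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
        echo "$serial ${level:-<none>} $(patch_status "$level")"
    done
}

# Constructed sample values (not from real devices); the empty one models a
# build that does not expose the property.
for sample in "2016-06-01" "2016-05-01" "2016-07-05" ""; do
    echo "sample='$sample' -> $(patch_status "$sample")"
done
```

Call `audit_devices` with devices attached; a status of `unknown` means the patch level has to be confirmed in Settings or with the vendor.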

So, what was discovered and patched in Android for June? Let's take a look.

Critical issues

It wouldn't be a normal month without an issue affecting the Android Mediaserver. This time around, it gains yet another critical status bug.

Remote Code Execution Vulnerability in Mediaserver

This month's Mediaserver issue is another remote code execution vulnerability, which could enable an attacker to use a specially crafted file to cause memory corruption. The affected functionality is provided as part of the platform core, and multiple applications allow it to be reached with remote content. This primarily affects MMS and browser playback of media.

This issue is directly related to bug 27855419.

Remote Code Execution Vulnerabilities in libwebm

Another critical issue is a remote code execution vulnerability in libwebm, which could enable an attacker using a specially crafted malicious file to cause memory corruption during media file and data processing. This issue has been rated critical due to the possibility of remote code execution within the context of the Mediaserver process.

This issue is directly related to bug 23167726.

Elevation of Privilege Vulnerability in Qualcomm Video Driver

The Qualcomm Video Driver suffers another critical "elevation of privilege vulnerability," which could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue gains a critical rating due to the possibility of local permanent device compromise. If a device falls prey to this issue, reflashing could be the only resolution.

This issue is related to bug 27407865.

There are also critical bugs that affect the Qualcomm sound driver (bugs 27947307 and 28029010) and GPU driver (bugs 27475454 and 27364029). Each of these bugs has been marked critical because it can be used to gain local access to elevated capabilities and because of the possibility of local permanent device compromise.

High issues

Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver

This is an elevation of privilege vulnerability that would allow a malicious application to invoke system calls to change the device settings and behaviors (without privileges to do so).

This is related to bug 26425765.

Elevation of Privilege Vulnerability in Qualcomm Sound Driver

This elevation of privilege bug could enable a malicious application to execute arbitrary code within the context of the kernel.

This is related to bugs 26876409 and 27531992.

Elevation of Privilege Vulnerability in Mediaserver

The Mediaserver isn't just relegated to critical issues (as expected)—there are numerous bugs that could enable a malicious application to execute arbitrary code within the context of the kernel. This issue is rated high because it could be used to gain local access to elevated capabilities (such as Signature or SignatureOrSystem permission privileges, which are not normally accessible to third-party applications).

This is related to the following bugs:

Elevation of Privilege Vulnerability in Qualcomm Camera, Wi-Fi, and Video Drivers

The Qualcomm Camera, Wi-Fi, and Video drivers have been found to contain vulnerabilities that could enable a local malicious application to execute arbitrary code within the context of the kernel.

This is related to bugs 27207747 and 27600832 (camera); 27407629 (video); 27662174, 27773913, 27776888, and 27777501 (Wi-Fi).

Moderate issues

Elevation of Privilege Vulnerability in Framework UI

There is an elevation of privilege vulnerability in the Framework UI permission dialog window, which could enable an attacker to gain access to unauthorized files in flash storage.

This is related to bug 26677796.

Information Disclosure Vulnerability in Mediaserver and Activity Manager

This pair of vulnerabilities could allow an application to gain access to sensitive information without permission and is related to bugs 27855172 and 19285814.

Update immediately

Every Android Security Bulletin comes with a security update. Make sure to check and see if your Android device has an update ready to install.

To read about all of the security vulnerabilities for June, check out the official Android Security Bulletin page.

About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.