How did October fare for Android security issues? Let’s pick through the latest Android Security Bulletin and find out.
SEE: Securing Your Mobile Enterprise (ZDNet/TechRepublic special feature)
Check your security release
Before we highlight what’s included with the October 2016 Android Security Bulletin, it’s always good to know what security release your device has installed. Of the Android devices I use regularly, the Verizon-branded Nexus 6 running Android 7.0 has the October 2016 security update, and the OnePlus 3 running Android 6.0.1 has the September 2016 security update. Nexus devices, as well as the new Pixel phones, will always be ahead of the curve for the security patches.
To find out which security release is installed on your device, open Settings, scroll down and tap About Phone, and then look for Android Security Patch Level (Figure A). If you see an older security patch level, fret not…a new one will appear in an update soon.
The OnePlus 3 showing the September patch level.
With that said, let’s dive into what’s new for October.
Remote code execution vulnerability in kernel ASN.1 decoder
The kernel ASN.1 decoder was found to be vulnerable to an elevation of privilege vulnerability that could enable a local malicious application to execute arbitrary code within the context of the kernel. Because of the possibility of local permanent device compromise, this issue is rated as Critical. If a device should become affected, the device would require reflashing the operating system for repair.
Note: This vulnerability only affects the Nexus 5X, Nexus 6P.
Related bug: A-29814470
Remote code execution vulnerability in kernel networking subsystem
The kernel network subsystem was found to contain a remote code execution vulnerability that could enable a remote attacker to execute arbitrary code within the context of the kernel. Due to the possibility of local permanent device compromise, this issue is rated as Critical. Any affected device would require reflashing the operating system to repair the device.
Related bug: A-30515201
Elevation of privilege vulnerability in ServiceManager
An elevation of privilege in ServiceManager (a service that acts as the primary information directory for the platform) could enable a local malicious application to register arbitrary services that would normally be provided by a privileged process–such processes include the system_server (the core of the Android system). This issue is rated as High due to the possibility of service impersonation, which could lead to varying types of attacks.
Related bug: A-29431260
Elevation of privilege vulnerability in Lock Settings Service
Given the right circumstances, this vulnerability could open your device up for easy data theft. This vulnerability occurs in the Lock Settings Service and could enable a local malicious application to clear the device PIN or password. This issue is rated as High because it serves as a local bypass of user interaction required for any developer or security settings modifications.
Related bug: A-30003944
Elevation of privilege vulnerability in Mediaserver
From the department of “we thought this was behind us,” the Mediaserver is still vulnerable. Now, understand this only affects Android version 6 and earlier (as Android Nougat enjoys a completely rewritten Mediaserver and won’t be vulnerable as was previous iterations). So if you’re using Android 7, you can ignore this entry.
SEE: Android 7.0 Nougat: The smart person’s guide
This is the same old elevation of privilege vulnerability in the Mediaserver we’ve grown to know and despise. If affected, it could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated High due to its ability to gain local access to elevated capabilities, which are not normally accessible to a third-party application.
Related bugs: A-30033990, A-30148546, A-30204103
Elevation of privilege vulnerability in fingerprint login
The fingerprint login system could also succumb to an elevation of privilege vulnerability during fingerprint login. This vulnerability could allow a malicious device owner to log in as a different user account on a device.
Related bug: A-30744668
There are a number of other high-rated vulnerabilities, all of which enable a local malicious application to execute arbitrary code within the context of a privileged process and are rated as such because the elevated capabilities are not normally accessible to third-party applications. These issues include:
- Elevation of privilege vulnerability in Zygote process (related bug A-30143607)
- Elevation of privilege vulnerability in framework APIs (related bug A-30202481)
- Elevation of privilege vulnerability in Telephony (related bug A-30481342)
- Elevation of privilege vulnerability in Camera service (related bugs A-30591838 and A-30741779)
Elevation of privilege vulnerability in Telephony
Yet another elevation of privilege vulnerability, this time within Telephony framework. This vulnerability could enable a local malicious application to execute arbitrary code in the context of a privileged process. The only reason this vulnerability is rated as Moderate is because it first requires compromising a privileged process.
Related bug: A-30202619
Denial of service vulnerability in Wi-Fi
A denial of service vulnerability was discovered in the Wi-Fi service that could enable a local malicious application to block Wi-Fi calling. This issue has been rated as Moderate due to the possibility of a denial of service to application functionality.
Related bug: A-30230534
Upgrade to Nougat ASAP
Because of the continued MediaServer vulnerabilities, it is highly recommended that you upgrade to Android Nougat as soon as it is available to your device. And remember, if your Android includes an out of date security patch level, make sure to keep checking for updates…eventually that device will catch up.