Published On: Fri, Jul 7th, 2017

Google Continues To Fix Qualcomm Vulnerabilities In Jul Android Security Bulletin

Google recently expelled a Android confidence circular (for July) with dual confidence patch turn strings. The initial one is antiquated Jul 1 while a other one antiquated Jul 5. Google wants users to implement a refurbish to evade intensity confidence issues.

For Pixel or Nexus devices, Google will pull OTA updates while other device owners should wait for their OEM to pull updates with specific fixes. Google has already told a OEMs about a emanate mentioned in a circular and it has also expelled a source formula rags for a issues to the Android Open Source Project (AOSP) repository.

screen-shot-2017-07-07-at-11-38-01-pmRelated Google is Testing Touch Friendly Launcher for Chrome OS, Here’s How You Can Try It Right Now

 

As usual, Google continues to repair a vulnerabilities in Mediaserver. In March, there were reports about a disadvantage that enabled an assailant to use a files – H.264 and H.265 to hurtful a device’s memory during a processing. These loopholes in a complement authorised hackers to run remote formula on Android around Mediaserver processes. Google continued to hurl out confidence rags for these vulnerabilities in April, May, and June. And in Jul too, a association continues to tackle it.

Folks at TrendLabs have detected some-more H.265 decoder vulnerabilities, trimming from Critical to High. Two of these vulnerabilities tumble underneath High while a third one is Critical in inlet – CVE-2017-0689, CVE-2017-0695, and CVE-2017-0540. For H.264 decoder, they found 3 Critical and one High Vulnerability – CVE-2017-0680, CVE-2017-0679, CVE-2017-0693, and CVE-2017-0677. TrendLabs detected some-more vulnerabilities that impact MPEG2 format, that was also forked out in a May confidence bulletin.

The CVE-2017-0686 disadvantage increases a volume of attacks that means mixed reboots on a device whenever an MPEG2 video is played. On a other hand, a CVE-2017-0674 is a Critical disadvantage that enables remote formula execution on a device.

screen-shot-2017-07-07-at-10-44-02-pmRelated Android Distribution Chart For Jul Reveals Double Digit Growth In Nougat Adoption

July confidence circular also reveals other components. The Media Framework territory comes with 10 Critical vulnerabilities including a aforementioned CVE-2017-0540 disadvantage that allows remote execution in Mediaserver. Broadcom member territory includes CVE-2017-9417 that allows hackers to govern antagonistic formula within a kernel. Similarly, Qualcomm components embody 7 vulnerabilities that capacitate antagonistic apps to run capricious formula within a rim of a kernel. Qualcomm closed-source components territory facilities 55 High rated vulnerabilities.

The confidence refurbish for Jul tackles all a vulnerabilities so it is rarely advisable to implement it as shortly as we get it.

 

About the Author

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>