Android Security Bulletin for February 2018 – Google has fixed tens of vulnerabilities for Android OS, including several critical remote code execution (RCE) flaws.
The Android Security Bulletin for February 2018 addresses 26 vulnerabilities in the mobile operating system, most of which are elevation of privilege flaws.
The 2018-02-01 security patch level fixed 7 vulnerabilities, 6 in Media Framework and one issue affecting the System component.
The tech giant has fixed two critical RCE vulnerabilities in Media Framework. The first issue is the CVE-2017-13228 that affects Android 6.0 and newer, the second one, tracked as CVE-2017-13230, impacts Android 5.1.1 and later.
Google also fixed other vulnerabilities in Media Framework, including an information disclosure vulnerability, an elevation of privilege bug, and several denial-of-service flaws.
“The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” states the advisory.
The most severe of these vulnerabilities is tracked as CVE-2017-13236, it is a System issue that could be exploited by an attacker to achieve remote code execution in the context of a privileged process. The attacker can trigger the flaw via email, web browsing, and MMS when processing media files.
The 2018-02-05 security patch level includes fixes for 19 vulnerabilities in HTC, Kernel, NVIDIA, Qualcomm, and Qualcomm closed-source components.
The most severe flaws included in the 2018-02-05 security patch level are two remote code execution vulnerabilities in Qualcomm components tracked as CVE-2017-15817 and CVE-2017-17760.
Google also released the Pixel / Nexus Security Bulletin that addresses 29 vulnerabilities in Google devices.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.