Driver bugs leave kit open to hijacking
It’s the first Monday of the month, and that means another batch of patches for Android, fixing flaws that can be exploited by apps and webpages to hijack devices.
As usual, if you’re not using a Google Nexus device, you’re at the mercy of your manufacturer and phone carrier to approve and distribute these updates, which may take some time.

Although Google Play Services on Android gadgets can install updates quietly in the background direct from Google, it can’t reach the lowest levels of the operating system – which is precisely where these bugs lurk. Nexus devices get their updates straight from Google.

Of the eight critical flaws fixed this month, six are present in Qualcomm-powered phones and fondleslabs: two in each of its sound and GPU drivers, and one in each of the firm’s video and Wi-Fi drivers.

All six allow apps installed on the devices to enter kernel space and completely hijack the gadget to steal passwords and spy on victims.
If a handheld is infected with malware via one of these vulnerabilities, you’ll need to do a complete wipe and reflash of the firmware to remove the software nasty.
The other two critical patches this month, as well as the bulk of lesser-severity patches, cover Android’s Mediaserver and libwebm code.
Specially crafted audio and video files viewed on a vulnerable device – imagine receiving an MMS text or viewing a web page booby-trapped with an evil video – can exploit these holes to execute malicious code with high privileges on the device.
Ten of the remaining 32 high- and moderate-severity flaw fixes also cover Qualcomm kit, with Broadcom’s dodgy Wi-Fi drivers contributing another couple and Nvidia’s camera driver also showing problems.

These holes can be potentially abused by apps to gain extra permissions to snoop on owners or cause trouble.
Twelve of these lower-ranked flaws in Mediaserver cover malicious apps being able to gain Signature or SignatureOrSystem privileges on the device, as does one flaw in the SD card emulation layer of Android.

This could allow a specially crafted app with the right system image certification to run code without asking the user first.
Google is well aware of the problems with its Mediaserver.

The Chocolate Factory is addressing the problem in the forthcoming Android N by rewriting and siloing the operating system’s media handling components.
This month’s security bugs are present in Android versions 4.4.4 (32.5 per cent of devices), 5.0.2 (16 per cent), 5.1.1 (19 per cent), 6.0 and 6.0.1 (7.5 per cent).

Earlier builds are no longer supported.

Although Google only lists which Nexus models are affected in its security advisory, other manufacturers’ phones are also affected.
Android does feature various mechanisms – such as ASLR – to block the exploitation of security bugs, although they can be potentially sidestepped.
You can see the full list here.

Get busy patching – if you can – because you can be sure miscreants will be finding new ways to exploit these programming cockups. ®

| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-2463 | Critical | Yes |
| Remote Code Execution Vulnerabilities in libwebm | CVE-2016-2464 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Video Driver | CVE-2016-2465 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Sound Driver | CVE-2016-2466, CVE-2016-2467 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm GPU Driver | CVE-2016-2468, CVE-2016-2062 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm WiFi Driver | CVE-2016-2474 | Critical | Yes |
| Elevation of Privilege Vulnerability in Broadcom WiFi Driver | CVE-2016-2475 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Sound Driver | CVE-2016-2066, CVE-2016-2469 | High | Yes |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-2476, CVE-2016-2477, CVE-2016-2478, CVE-2016-2479, CVE-2016-2480, CVE-2016-2481, CVE-2016-2482, CVE-2016-2483, CVE-2016-2484, CVE-2016-2485, CVE-2016-2486, CVE-2016-2487 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Camera Driver | CVE-2016-2061, CVE-2016-2488 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Video Driver | CVE-2016-2489 | High | Yes |
| Elevation of Privilege Vulnerability in NVIDIA Camera Driver | CVE-2016-2490, CVE-2016-2491 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm WiFi Driver | CVE-2016-2470, CVE-2016-2471, CVE-2016-2472, CVE-2016-2473 | High | Yes |
| Elevation of Privilege Vulnerability in MediaTek Power Management Driver | CVE-2016-2492 | High | Yes |
| Elevation of Privilege Vulnerability in SD Card Emulation Layer | CVE-2016-2494 | High | Yes |
| Elevation of Privilege Vulnerability in Broadcom WiFi Driver | CVE-2016-2493 | High | Yes |
| Remote Denial of Service Vulnerability in Mediaserver | CVE-2016-2495 | High | Yes |
| Elevation of Privilege Vulnerability in Framework UI | CVE-2016-2496 | Moderate | Yes |
| Information Disclosure Vulnerability in Qualcomm WiFi Driver | CVE-2016-2498 | Moderate | Yes |
| Information Disclosure Vulnerability in Mediaserver | CVE-2016-2499 | Moderate | Yes |
| Information Disclosure Vulnerability in Activity Manager | CVE-2016-2500 | Moderate | Yes |