Google released its August Android Security update on August 7, patching no less than 49 different vulnerabilities in the mobile operating system.
Android's much-maligned media framework is home to 26 of the vulnerabilities patched in the August update. Among the media framework vulnerabilities are 10 critical remote code execution issues (CVE-2017-0714, CVE-2017-0715, CVE-2017-0716, CVE-2017-0718, CVE-2017-0719, CVE-2017-0720, CVE-2017-0721, CVE-2017-0722, CVE-2017-0723 and CVE-2017-0745).
"The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," Google warned in its advisory.
Four of the ten critical vulnerabilities in Android's Media Framework were reported by researcher Ao Wang of Pangu Team, while two were credited to Qihoo 360 researcher Zinuo Han of the Chengdu Security Response Center. A security researcher identified as @VYSE working with Trend Micro reported one critical media framework issue (CVE-CVE-2017-0715), and independent researcher Vasily Vasilev is also credited by Google for reporting a critical media framework issue.https://o1.qnsr.com/log/p.gif?;n=203;c=204660770;s=9477;x=7936;f=201812281321530;u=j;z=TIMESTAMP;a=20396194;e=i
The mediaserver library has been the subject of intense scrutiny since July 2015, when the first Stagefirst flaws were publicly reported. The Android mediaserver has been patched in every Android security update issued by Google since August 2015.
Also of note in the August update is a remote code execution flaw in the Broadcom networking driver identified as CVE-2017-740 that Google has rated as having moderate severity.
"The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," Google warned in its advisory.
In the July Android update, Google patched a highly critical flaw with Broadcom's WiFi driver, known as Broadpwn (CVE-2017-9417) that was publicly detailed during a session on July 27 at the Black Hat USA security conference.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.