Google Patches Android for 49 Vulnerabilities in August Update

Google released its August Android Security update on August 7, patching no fewer than 49 vulnerabilities in the mobile operating system.

Android’s much-maligned media framework is home to 26 of the vulnerabilities patched in the August update. Among the media framework vulnerabilities are 10 critical remote code execution issues (CVE-2017-0714, CVE-2017-0715, CVE-2017-0716, CVE-2017-0718, CVE-2017-0719, CVE-2017-0720, CVE-2017-0721, CVE-2017-0722, CVE-2017-0723 and CVE-2017-0745).

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google warned in its advisory.

Four of the ten critical vulnerabilities in Android’s media framework were reported by researcher Ao Wang of Pangu Team, while two were credited to Qihoo 360 researcher Zinuo Han of the Chengdu Security Response Center. A security researcher identified as @VYSE working with Trend Micro reported one critical media framework issue (CVE-2017-0715), and independent researcher Vasily Vasilev is also credited by Google for reporting a critical media framework issue.

The mediaserver library has been the subject of intense scrutiny since July 2015, when the first Stagefright flaws were publicly reported. The Android mediaserver has been patched in every Android security update issued by Google since August 2015.

Also of note in the August update is a remote code execution flaw in the Broadcom networking driver identified as CVE-2017-740 that Google has rated as having moderate severity.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process,” Google warned in its advisory.

In the July Android update, Google patched a highly critical flaw in Broadcom’s WiFi driver, known as Broadpwn (CVE-2017-9417), that was publicly detailed during a session on July 27 at the Black Hat USA security conference.

Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.
