July 10, 2017 By Mark Samuels 2 min read

Among the 138 vulnerabilities disclosed in its Android Security Bulletin for July 2017, Google reported a critical flaw in media framework that could enable a remote attacker to execute arbitrary code using a specially crafted file. Google classified the media framework issue as severe based on its potential impact on an infected device.

The good news is that Google has received no reports of active customer exploitation or abuse of these newly reported Android vulnerabilities. Still, the technology giant implored users to accept its updates as soon as possible.

Patching Android Vulnerabilities

The monthly update is split into two partial security patch level strings: The 2017-07-01 security patch level addresses issues in the Android platform, while the 2017-07-05 level resolves device-specific vulnerabilities in components supplied by manufacturers, SecurityWeek reported. The update fixed 27 vulnerabilities in media framework. Ten of these issues were viewed as critical, 15 as high and two as moderate.

The patches also addressed a critical file called Broadpwn, which is a remote code execution vulnerability in the Broadcom Wi-Fi driver. In its advisory note, Google credited security researcher Nitay Artenstein of Exodus Intelligence for his work on the patched Broadcom issue. According to eWEEK, Artenstein will provide more insight into this vulnerability at the Black Hat security conference on July 27.

Mitigating the Risk

Google reported that partners were notified of the issues described in the bulletin at least a month ago. Source code patches for these vulnerabilities have been released to the Android Open Source Project (AOSP) repository. The bulletin also included links to patches outside the AOSP.

The firm issued over-the-air updates and firmware images for the Pixel/Pixel XL, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player and Pixel C, according to SC Magazine. Additionally, the advisory note included mitigations, which Google said can help reduce the likelihood of a successful exploitation.

Staying on Top of Threats

According to Gartner, 81.7 percent of the smartphones sold in the last quarter of 2016 ran the Android operating system. Google’s monthly update serves as another warning for IT managers to stay on top of their firm’s mobile security patches and policies. Removing malware can be a tricky task, but smart device management can reduce the need for a reactive approach.

More from

White House mandates stricter cybersecurity for R&D institutions

2 min read - Federal cyber regulation is edging further into research and development (R&D) and higher education. A recent memo from the Office of Science and Technology Policy (OSTP) states that certain covered institutions will be required to implement cybersecurity programs for R&D security. These mandates will also apply to institutions of higher education that support R&D. Beyond strengthening the overall U.S. security posture, this move is also in direct response to growing threats posed by the People's Republic of China (PRC), as…

New memo reveals Biden’s cybersecurity priorities through fiscal year 2026

2 min read - On July 10, 2024, the White House released a new memo regarding the Biden administration’s cybersecurity investment priorities, initially proposed in July 2022. This new memorandum now marks the third time the Office of the National Cyber Director (ONCD), headed by Harry Coker, has released updated priorities and outlined procedures regarding the five core pillars of the National Cybersecurity Strategy Implementation Plan (NCSIP), now relevant through fiscal year 2026. Key highlights from the FY26 memorandum In the latest annual version…

How prepared are you for your first Gen AI disruption?

5 min read - Generative artificial intelligence (Gen AI) and its use by businesses to enhance operations and profits are the focus of innovation in virtually every sector and industry. Gartner predicts that global spending on AI software will surge from $124 billion in 2022 to $297 billion by 2027. Businesses are upskilling their teams and hiring costly experts to implement new use cases, new ways to leverage data and new ways to use open-source tooling and resources. What they have failed to look…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today