Light Dark
July 10, 2017 By Mark Samuels 2 min read

Among the 138 vulnerabilities disclosed in its Android Security Bulletin for July 2017, Google reported a critical flaw in media framework that could enable a remote attacker to execute arbitrary code using a specially crafted file. Google classified the media framework issue as severe based on its potential impact on an infected device.

The good news is that Google has received no reports of active customer exploitation or abuse of these newly reported Android vulnerabilities. Still, the technology giant implored users to accept its updates as soon as possible.

Patching Android Vulnerabilities

The monthly update is split into two partial security patch level strings: The 2017-07-01 security patch level addresses issues in the Android platform, while the 2017-07-05 level resolves device-specific vulnerabilities in components supplied by manufacturers, SecurityWeek reported. The update fixed 27 vulnerabilities in media framework. Ten of these issues were viewed as critical, 15 as high and two as moderate.

The patches also addressed a critical file called Broadpwn, which is a remote code execution vulnerability in the Broadcom Wi-Fi driver. In its advisory note, Google credited security researcher Nitay Artenstein of Exodus Intelligence for his work on the patched Broadcom issue. According to eWEEK, Artenstein will provide more insight into this vulnerability at the Black Hat security conference on July 27.

Mitigating the Risk

Google reported that partners were notified of the issues described in the bulletin at least a month ago. Source code patches for these vulnerabilities have been released to the Android Open Source Project (AOSP) repository. The bulletin also included links to patches outside the AOSP.

The firm issued over-the-air updates and firmware images for the Pixel/Pixel XL, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player and Pixel C, according to SC Magazine. Additionally, the advisory note included mitigations, which Google said can help reduce the likelihood of a successful exploitation.

Staying on Top of Threats

According to Gartner, 81.7 percent of the smartphones sold in the last quarter of 2016 ran the Android operating system. Google’s monthly update serves as another warning for IT managers to stay on top of their firm’s mobile security patches and policies. Removing malware can be a tricky task, but smart device management can reduce the need for a reactive approach.

 |  |  |  |  |  |  | 
Mark Samuels
Tech Journalist

More from

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

April 22, 2024

DOD establishes Office of the Assistant Secretary of Defense for Cyber Policy

2 min read - The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role.“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature