June’s Android Security Bulletin Address Critical Vulnerabilities in Media Framework and Qualcomm Components
Google recently released their June security bulletin for Android, which addresses a critical vulnerability found in Media framework, as well as a critical vulnerability that are based on Qualcomm components. As with previous Android security updates, this month’s bulletin is available via over-the-air updates for native Android devices or via service providers and manufacturers for non-native devices.
As is customary with Google’s monthly updates, two patch levels are involved—one labeled 2017-06-01, which is the partial security patch level that addresses all issues associated with 2017-06-01, as well as all previous security patch level strings. Among the critical vulnerabilities addressed in this patch level is CVE-2017-0637, which is the most severe in a set of seven vulnerabilities that involve Media framework. Attackers exploiting this vulnerability could use a specially crafted file to remotely cause memory corruption during media file and data processing. In addition, Trend Micro also discovered and disclosed CVE-2017-0640, CVE-2017-0641 and CVE-2017-0643, High severity vulnerabilities in the same component.
Also addressed in this patch level are vulnerabilities in the following components:
Bluetooth –This section includes CVE-2017-0639, a High severity vulnerability that could enable a local malicious app to access data outside of its permission levels.
Libraries – The vulnerabilities in this section comprise six High and four Moderate severity vulnerabilities. The most severe of these could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process.
System UI – This section is comprised of CVE-2017-0638, a vulnerability that could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process.
The second and more comprehensive security patch level is labeled 2017-06-05. This addresses all issues with both 2017-06-01 and 2017-06-05, as well as all previous security patch level strings. The highlight of this patch level is CVE-2017-7371, a Critical severity vulnerability in the Qualcomm component Bluetooth driver could enable a proximate attacker to execute arbitrary code within the context of the kernel.
Best Practices and Trend Micro Solutions
To prevent any complications that might arise from potential attackers looking to exploit the vulnerabilities found in this bulletin, users should immediately update their devices as soon as they are available – either from Google themselves or from other service providers and manufacturers.
In addition, users can ensure a multilayered approach to mobile security by downloading Trend Micro Mobile Security (TMMS), which can detect threats that could be used to exploit vulnerabilities such as the ones addressed in this update.
Trend Micro disclosed the following vulnerabilities:
- CVE-2017-0640
- CVE-2017-0641
- CVE-2017-0643
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
последний
- Unveiling AI Agent Vulnerabilities Part III: Data Exfiltration
- Unveiling AI Agent Vulnerabilities Part II: Code Execution
- Unveiling AI Agent Vulnerabilities Part I: Introduction to AI Agent Vulnerabilities
- The Ever-Evolving Threat of the Russian-Speaking Cybercriminal Underground
- From Registries to Private Networks: Threat Scenarios Putting Organizations in Jeopardy
Cellular IoT Vulnerabilities: Another Door to Cellular Networks
AI in the Crosshairs: Understanding and Detecting Attacks on AWS AI Services with Trend Vision One™
Trend 2025 Cyber Risk Report
CES 2025: A Comprehensive Look at AI Digital Assistants and Their Security Risks