Light Dark
July 10, 2017 By Mark Samuels 2 min read

Among the 138 vulnerabilities disclosed in its Android Security Bulletin for July 2017, Google reported a critical flaw in media framework that could enable a remote attacker to execute arbitrary code using a specially crafted file. Google classified the media framework issue as severe based on its potential impact on an infected device.

The good news is that Google has received no reports of active customer exploitation or abuse of these newly reported Android vulnerabilities. Still, the technology giant implored users to accept its updates as soon as possible.

Patching Android Vulnerabilities

The monthly update is split into two partial security patch level strings: The 2017-07-01 security patch level addresses issues in the Android platform, while the 2017-07-05 level resolves device-specific vulnerabilities in components supplied by manufacturers, SecurityWeek reported. The update fixed 27 vulnerabilities in media framework. Ten of these issues were viewed as critical, 15 as high and two as moderate.

The patches also addressed a critical file called Broadpwn, which is a remote code execution vulnerability in the Broadcom Wi-Fi driver. In its advisory note, Google credited security researcher Nitay Artenstein of Exodus Intelligence for his work on the patched Broadcom issue. According to eWEEK, Artenstein will provide more insight into this vulnerability at the Black Hat security conference on July 27.

Mitigating the Risk

Google reported that partners were notified of the issues described in the bulletin at least a month ago. Source code patches for these vulnerabilities have been released to the Android Open Source Project (AOSP) repository. The bulletin also included links to patches outside the AOSP.

The firm issued over-the-air updates and firmware images for the Pixel/Pixel XL, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player and Pixel C, according to SC Magazine. Additionally, the advisory note included mitigations, which Google said can help reduce the likelihood of a successful exploitation.

Staying on Top of Threats

According to Gartner, 81.7 percent of the smartphones sold in the last quarter of 2016 ran the Android operating system. Google’s monthly update serves as another warning for IT managers to stay on top of their firm’s mobile security patches and policies. Removing malware can be a tricky task, but smart device management can reduce the need for a reactive approach.

 |  |  |  |  |  |  | 
Mark Samuels
Tech Journalist

More from

May 14, 2024

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended RSAC…

May 14, 2024

3 recommendations for adopting generative AI for cyber defense

3 min read - In the past eighteen months, generative AI (gen AI) has gone from being the source of jaw-dropping demos to a top strategic priority in nearly every industry. A majority of CEOs report feeling under pressure to invest in gen AI. Product teams are now scrambling to build gen AI into their solutions and services. The EU and US are beginning to put new regulatory frameworks in place to manage AI risks.Amid all this commotion, hackers and other cybercriminals are hardly…

May 13, 2024

Debate rages over DMCA Section 1201 exemption for generative AI

2 min read - The Digital Millennium Copyright Act (DMCA) is a federal law that protects copyright holders from online theft. The DMCA covers music, movies, text and anything else under copyright.The DMCA also makes it illegal to hack technologies that copyright owners use to protect their works against infringement. These technologies can include encryption, password protection or other measures. These provisions are commonly referred to as the “Anti-Circumvention” provisions or “Section 1201”.Now, a fierce debate is brewing over whether to allow independent hackers…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature