the most important number of essential and excessive severity flaws had been patched in the Qualcomm video driving force, sound driving force, GPU motive force, c084d04ddacadd4b971ae3d98fecfb2a driving force, and digicam motive force. a number of those privilege escalation vulnerabilities should permitmalicious packages to execute malicious code in the kernel leading to a everlasting device compromise.
similar excessive–risk flaws have been wi-fixed in the Broadcom c084d04ddacadd4b971ae3d98fecfb2adriver, NVIDIA camera motive force, and MediaTek strength management motive force. thesevulnerabilities can supply everyday applications get entry to to privileges or system settings that theyshouldn’t have. In a few cases, the issues allow kernel code execution, however handiest if the attacker compromises a one of a kind carrier wirelessrst to speak with the prone driving force.
those flaws are a warning that chipset makers must placed greater attempt into checking out their code, which typically includes drivers that run inside the most privileged areas of the OS.
similarly to wi-fisolving 21 vulnerabilities in device drivers for numerous hardware additives fromnumerous chipset makers, Google wireless more than a dozen flaws in the mediaserver thing.
One crucial, 12 high–chance and one moderate flaw had been wi-fixed in mediaserver, a element that handles audio and video report processing on Android. Google has been working wi-ficult to reinforcemediaserver for the past yr.
One crucial vulnerability changed into patched in libwebm, that may permit applications to execute codewithin the context of the mediaserver process that has unique privileges.
further, a excessive–chance flaw become constantwireless inside the SD card emulation layer, amoderate one inside the Framework UI, and one inside the activity supervisor.
Google released updated Android wi-firmware photographs and over-the-air updates Monday for its supported Nexus devices: Nexus wi-fi, Nexus 5X, Nexus 6, and Nexus 6P. The agency has alsonotiwirelessed device manufacturers about these issues on may 2 that allows you to prepare their very own wirelessrmware updates.
The patches might be launched to the Android Open supply venture (AOSP) over the following 48 hoursso that network–developed Android wi-firmware and different tasks that depend on the AOSP code canintegrate them.