Google has released the second security patch for Android. The February Android update brings fixes for 58 different vulnerabilities and patches eight critical security flaws.
Alongside fixing some major bugs, Google has fixed CVE-2017-0405, a remote code execution vulnerability in the Android Surfaceflinger graphics library. The issue was listed as the most critical by the Android maker. The vulnerability could let an attacker use a specially crafted file to cause memory corruption during data processing.
The Surfaceflinger issue was first reported by Copperhead Security in October 2015. The highly infamous vulnerability had kick-started the trend of a monthly patching process in August 2015.
Google has also patched four Stagefright vulnerabilities in this update. Two of them (CVE-2017-0406, CVE-2017-0407) are remote code execution issues in the mediaserver, while the other two are high-severity issues that can lead to remote code execution.
Another patch (CVE-2017-0427) addresses a privilege escalation bug in the kernel filesystem of Android. This vulnerability can allow arbitrary code to be executed remotely in the context of the kernel. The issue can lead to local permanent device compromise. The infected device can be fixed only by formatting the operating system.
Additionally, Google has patched a privilege escalation vulnerability (CVE-2014-9914) that was patched in the Linux kernel in 2014. The latest security update also brings 19 patches for Qualcomm flaws.
Your Nexus or Pixel device running Android Nougat is likely to receive the February Android security update in the coming days. Meanwhile, you can read about all its fixes and patches in the official Security Bulletin.