The tech giants known as Google have been doing a sort of oversight on internet security. This includes a monthly publication on the security of Android devices, with reference to the prevalent threats it faced and handled. The bulletin for the current month has been released in its October batches, and this involves some critical and non-critical threats.
An overview of the vulnerabilities from handled by Google reveals that the Escalation of Privileges was among the most severe. This is named the (EoP) vulnerability (CVE-2017-0806), and it takes on the Android versions from the 6.0 (Marshmallow) to the Android 8.0 (Oreo) OS which is the most recent version. The major crux of this vulnerability as explained by Google is that user interaction could be easily bypassed by any local malicious application. So the application can gain access to some unauthorized information when this happens.
The October 2017 android patches has a full list of 14 vulnerabilities addressed in it, and five of them are rated critical for Android devices. The bulletin came in two different batches, and they handled cases of dangers to some of the iterations of the android platform from the Android 4.4.4 to the Android 8.0. The major danger, which is marked as the most critical as stated above, includes arbitrary code execution cases. Here, applications could gain additional permissions without the knowledge of the user, like accessing their account for casino games in Germany.
In the first batch of the report, 8 vulnerabilities were identified, with 3 of them being among the severe. The other 3 are high risk, while the remaining 2 are just of medium severity.
The area that had the highest impact or attack is the area of media framework. This, alone, had up to 6 threats or vulnerabilities addressed. Among the 6 that it had, 3 were critical and all of them are the types that point to Remote Code Execution. Within this category, there was also one high severity threat which is based on the Elevation of Privilege, while the next two which are of moderate risks bordered on Information Disclosure Bugs.
The area of framework witnessed one high severity Elevation of Privilege case, while the system category had just one high risk Remote Code Execution issues handled on it.
The area of CVE-2017-14496 was among the cases addressed. This is one bug that has to do with the software for Dnsmasq network services. The issue was taken care of when the Dnsmasq 2.78 was launched on Monday. Dnsmasq 2.78 also took care of other vulnerabilities like lapses in remote code execution.
In the second batch of the patches that came out on 10-5-2017, 6 vulnerabilities were taken care of for the android world.
4 out of them were just high risk, while 2 were critical. Among the critical bugs were one Elevation of Privilege case and one case of Remote Code Execution. When it comes to the high risk cadre, the addressed issues include impacted MediaTek components, impacted Qualcomm components, impacted Kernel components, and elevation of privilege.
They also published some vulnerability cases in other operating systems they were handled within the month. They include systems like Pixel and Nexus devices. The conclusion is that the threat to our devices and operating systems are real, and people have to be vigilant and up to date about cushion for these vulnerabilities.