Android Security Bulletin June 2017: What you need to know


Qualcomm elements have been crushed within the June 2017 Android Security Bulletin with 26 Critical bugs. Beyond that, Android fared pretty effectively, with solely two Critical points. Let’s have a look at the highlights in regards to the Qualcomm elements, as detailed within the June 2017 Android Security Bulletin.

SEE: Guidelines for constructing safety insurance policies (Tech Pro Research)

Check the safety launch in your Android machine

Before we dive into what’s included with this month’s bulletin, it is at all times good to know what safety launch is put in in your machine.

Of the Android gadgets I exploit commonly, the Verizon-branded Nexus 6 (operating Android and the OnePlus three (operating Android 7.1.1) are actually just one patch behind—they’re operating the May 2017 safety patch (Figure A).

Figure A

OnePlus three operating the May 2017 safety patch.

Now let us take a look at the vulnerabilities affecting the Android platform.

SEE: Free e book—Cybersecurity in an IoT and cell world (TechRepublic)

Image: Jack Wallen

Qualcomm Critical points

Qualcomm has fairly a little bit of patching to do for the Android platform. These vulnerabilities are described within the Qualcomm AMSS safety bulletins from 2014-2016, so a few of these points are long-standing.

The fixes and the descriptions are solely obtainable immediately from Qualcomm and the important bugs, which have an effect on closed supply elements, are as follows:

QC-CR#381837, QC-CR#581093, QC-CR#642173, QC-CR#739110, QC-CR#748397, QC-CR#748407, QC-CR#762111, QC-CR#762182, QC-CR#758752, QC-CR#762167, QC-CR#740680, QC-CR#746617, QC-CR#814373, QC-CR#855220, QC-CR#701858, QC-CR#827837, QC-CR#987699, QC-CR#973605, QC-CR#947438, QC-CR#991476, QC-CR#961142, QC-CR#989028, QC-CR#949933, QC-CR#988502, QC-CR#1020465, QC-CR#1058511, QC-CR#552880

Oh wait, there’s extra! There can be a Critical concern affecting the Qualcomm Bluetooth driver that would allow a proximity attacker to execute arbitrary code inside the kernel. That bug is QC-CR#1101054.

Qualcomm High points

There are Qualcomm points marked as High:

You may also discover loads of bugs labeled High that have an effect on Qualcomm closed-source elements. Those bugs are:

QC-CR#552880, QC-CR#622701, QC-CR#638984, QC-CR#656267, QC-CR#657771, QC-CR#651900, QC-CR#680778, QC-CR#711585, QC-CR#727398, QC-CR#739802, QC-CR#733455, QC-CR#735148, QC-CR#743985, QC-CR#736146, QC-CR#762764, QC-CR#866015, QC-CR#873202, QC-CR#892541, QC-CR#854667, QC-CR#906713,QC-CR#917701, QC-CR#917702, QC-CR#977632, QC-CR#988941

Qualcomm Moderate points

The Moderate points gave the Critical points a run for his or her cash. The present listing of Moderate vulnerabilities contains:

The onus is on Qualcomm

Because so many of those bugs have an effect on closed-source elements, the onus is on Qualcomm to resolve the vulnerabilities. Until that’s full, these bugs will proceed to plague Android. Considering a few of these bugs date again to 2014, my guess is that the producer is not precisely chomping on the bit to repair the issues.

Does that imply your Android machine is riddled with points? Although it might appear so, I would not toss these gadgets within the rubbish. Some of those points date again to older releases of Android, which suggests in the event you’re operating an up-to-date model of the platform, you’ll be high quality. However, it might behoove you (for extra causes than merely the Qualcomm vulnerabilities) to commonly replace Android and all put in apps. Do this each day, so that you might be certain your cell machine is as safe as attainable.

SEE: three easy steps to keep away from ransomware on Android (TechRepublic)

Upgrade and replace

The builders will work diligently to patch the vulnerabilities, however it’s as much as the top customers to make sure the fixes discover their strategy to gadgets. Make certain you not solely verify for updates, however that you simply apply them as quickly as they’re obtainable.

To see the complete itemizing of vulnerabilities, which incorporates numerous points past these affecting Qualcomm elements, take a look at the June 2017 Android Security Bulletin.

Also see

Leave a Reply