Android June Security Bulletin: Vulnerabilities increasing
Google released its monthly Android Security Bulletin this week. The TL;DR is there are 40 new security patches, the vast majority of which are “critical” or “high” concern.
This makes a total of 162 vulnerabilities reported via the monthly Android Security Bulletin for 2016. The vulnerabilities fixed this month range from remote code execution to privilege elevation to information disclosure. Of the total bugs listed in June’s report, 37.5 percent were found in the Android mediaserver code, which is where “Stagefright” and its family of vulnerabilities exist.
One of these was a critical remote code execution vulnerability, so be careful opening any media files from untrusted sources until you have received the patch.
Additionally, we are beginning to see more attention from security researchers focused on device drivers used by Android devices, with 21 vulnerabilities reported this month. For comparison, Google reported 15 vulnerabilities in May and only reported 11 in total in the eight-month span between August 2015 and April 2016.
Device drivers let the Android operating system talk to the hardware components in your phone. Drivers typically have a higher level of privilege than other code running on a computer, so a flaw in one can cause a number of problems. For example, attackers could exploit a vulnerable driver to take over the entire device. These driver vulnerabilities accounted for 52.5 percent of the ones reported for June.
June 2016 Vulnerability Stats:
- 40 vulnerabilities
- 20% are critical
- 70% are high
- 10% are moderate
- 5% are Remote Code Execution Vulnerabilities
- 85% are Elevation of Privilege Vulnerabilities
- 2.5% are Denial of Service Vulnerabilities
- 7.5% are Information Disclosure Vulnerabilities
- 37.5% are related to mediaserver code in Android
- 52.5% are related to device drivers used by Android
Google fixed a lot of vulnerabilities this month, so it is very important, as always, that you keep your device up to date with the latest version of Android and also check for malicious applications that may seek to exploit these vulnerabilities. You can check what security patch level your device is at by following these instructions.