Google Patches 58 Android Vulnerabilities in February Security Update

Google released its second Android patch update of 2017 on Feb. 6, providing users of the mobile operating system with patches for 58 different vulnerabilities, up significantly from the 13 flaws Google fixed in its February 2016 Android update.


In the new February 2017 update, 8 vulnerabilities are rated by Google as critical. Among the critical vulnerabilities is CVE-2017-0405, which is a remote code execution vulnerability in the Android Surfaceflinger graphics library.

" A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing," Google warns in its advisory. " This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. "
The Surfaceflinger issue was reported by researchers Scott Bauer and Daniel Micay of Copperhead Security. Micay in particular is no stranger to reporting Android vulnerabilities and was credited back in October 2015 for reporting a security flaw that was dubbed ' Stagefright 2' at the time. The original Stagefright media server flaw was first disclosed in July 2015 and is the vulnerability that led to Google start its monthly patch process in August 2015.

FAQ
Q
what is Denial of service vulnerability in Bionic DNS?
A
A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service.
Q
how to get Information disclosure vulnerability in Framework APIs?
A
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications.
Q
Information disclosure vulnerability in AOSP Mail?
A
An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications.
Q
how to Elevation of privilege vulnerability in Java.Net?
A
An elevation of privilege in the Java.Net library could enable malicious web content to redirect a user to another website without explicit permission. This issue is rated as High because it is a remote bypass of user interaction requirements.
Q
what is Remote code execution vulnerability in libgdx?
A
A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library.