Android Broadpwn WiFi security warning [轉載,英文]

jgyjgw · 發表於 2017-7-26 00:28:53

Android Security Bulletin—July 2017 security update安全更新, 高严重程度
https://source.android.com/security/bulletin/2017-07-01
Published July 5, 2017 | Updated July 6, 2017

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of July 05, 2017 or later address all of these issues. Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level.

Partners were notified of the issues described in the bulletin at least a month ago. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.

The most severe of these issues is a critical security vulnerability in media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

We encourage all customers to accept these updates to their devices.

Announcements

This bulletin has two security patch level strings to provide Android partners with the flexibility to more quickly fix a subset of vulnerabilities that are similar across all Android devices. See Common questions and answers for additional information:
2017-07-01: Partial security patch level string. This security patch level string indicates that all issues associated with 2017-07-01 (and all previous security patch level strings) are addressed.
2017-07-05: Complete security patch level string. This security patch level string indicates that all issues associated with 2017-07-01 and 2017-07-05 (and all previous security patch level strings) are addressed.
Android and Google Play Protect mitigations

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.
2017-07-01 security patch level—Vulnerability details

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2017-07-01 patch level. Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

Runtime

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process.

CVE References Type Severity Updated AOSP versions
CVE-2017-3544 A-35784677 RCE Moderate 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2

Framework

The most severe vulnerability in this section could enable a local malicious application using a specially crafted file to execute arbitrary code within the context of an application that uses the library.

CVE References Type Severity Updated AOSP versions
CVE-2017-0664 A-36491278 EoP High 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0665 A-36991414 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0666 A-37285689 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0667 A-37478824 EoP High 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0668 A-22011579 ID Moderate 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0669 A-34114752 ID High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0670 A-36104177 DoS High 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2

Libraries

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an application that uses the library.

CVE References Type Severity Updated AOSP versions
CVE-2017-0671 A-34514762* RCE High 4.4.4
CVE-2016-2109 A-35443725 DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0672 A-34778578 DoS High 7.0, 7.1.1, 7.1.2

Media framework

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

CVE References Type Severity Updated AOSP versions
CVE-2017-0540 A-33966031 RCE Critical 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0673 A-33974623 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0674 A-34231163 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0675 A-34779227 [2] RCE Critical 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0676 A-34896431 RCE Critical 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0677 A-36035074 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0678 A-36576151 RCE Critical 7.0, 7.1.1, 7.1.2
CVE-2017-0679 A-36996978 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0680 A-37008096 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0681 A-37208566 RCE Critical 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0682 A-36588422* RCE High 7.0, 7.1.1, 7.1.2
CVE-2017-0683 A-36591008* RCE High 7.0, 7.1.1, 7.1.2
CVE-2017-0684 A-35421151 EoP High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0685 A-34203195 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0686 A-34231231 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0688 A-35584425 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0689 A-36215950 DoS High 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0690 A-36592202 DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0691 A-36724453 DoS High 7.0, 7.1.1, 7.1.2
CVE-2017-0692 A-36725407 DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0693 A-36993291 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0694 A-37093318 DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0695 A-37094889 DoS High 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0696 A-37207120 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0697 A-37239013 DoS High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0698 A-35467458 ID Moderate 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0699 A-36490809 ID Moderate 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2

System UI

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

CVE References Type Severity Updated AOSP versions
CVE-2017-0700 A-35639138 RCE High 7.1.1, 7.1.2
CVE-2017-0701 A-36385715 [2] RCE High 7.1.1, 7.1.2
CVE-2017-0702 A-36621442 RCE High 7.1.1, 7.1.2
CVE-2017-0703 A-33123882 EoP High 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
CVE-2017-0704 A-33059280 EoP Moderate 7.1.1, 7.1.2

jgyjgw · 發表於 2017-7-26 00:30:46

“Broadpwn” Wireless Exploit - iOS and Android Devices

ly 24, 2017 - A recently discovered wireless vulnerability in a popular line of Broadcom wireless chips used in many mobile devices has been patched and Coretelligent advises users to upgrade immediately. This exploit has been dubbed "Broadpwn" by security researchers, as this exploit affects hundreds of millions of smartphones and other devices that use a set of Broadcom chips released started a few years ago.

Affected devices are the iPhone 5 and later, fourth-generation iPads and later, and the sixth-generation iPod touch. Apple’s release note explained, “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip,” and attributed its discovery to Nitay Artenstein of Exodus Intelligence. To use this proximity attack, a malicious party would need to be within range of a user with a vulnerable device. That limits the potential effect, but also means that anyone with an unpatched device remains at risk from hackers using heavily trafficked public places or targeted employees of specific companies, organizations, or government agencies.

On July 5, Google released a patch for the flaw for Android systems. Apple’s update (iOS 10.3.3) came on July 19. So far, there have been no reports of this flaw being exploited in the wild.

iOS 10.3.3 - https://support.apple.com/en-us/HT207923
Android Patch - https://source.android.com/security/bulletin/2017-07-01

Coretelligent recommends that all users upgrade their respective iOS or Android devices immediately.