Google patched ten critical bugs as part of its December Android Security Bulletin. The worst of the bugs was tied to the Android media framework component and gives an attacker remote control of vulnerable handsets.
Google did not reveal the technical specifics of the critical flaw, tracked as CVE-2020-0458, and will likely not until a majority of handsets are patched. The other nine critical bugs plugged this month by Google are tied to the underlying Qualcomm chipsets and accompanying firmware, common on most Android phones.
The critical Qualcomm bugs fixed were each rated 9.8 out of 10 in severity, using the standard CVSS score. Eight of these flaws were tied to the vendor’s subsystem software that controls audio. Another bug, tracked as CVE-2020-11225, is tied to the Qualcomm Wi-Fi radio’s WLAN host communication component.
Bug descriptions are available via Qualcomm’s own December 2020 Security Bulletin, posted Monday. Several of these critical flaws were identified as buffer-overflow bugs and buffer over-read vulnerabilities.
One of the audio flaws, tracked as CVE-2020-11137, is identified as a “buffer over-read issue in audio” that could be exploited remotely, according to Qualcomm. It wrote that an attacker can create conditions for an “integer multiplication overflow resulting in lower buffer size allocation than expected [which] causes memory access out of bounds resulting in possible device instability.”
The Wi-Fi bug is triggered when the chip is forced to “buffer copy without checking size of input in WLAN”. The result is conditions ripe for a “classic buffer overflow” attack. This type of attack occurs when an adversary floods a program with too much data. “The excess data corrupts nearby space in memory. If attackers know the memory layout of a program, they can intentionally feed input that the buffer cannot store, and overwrite areas that hold executable code, replacing it with their own code,” describes Imperva.
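The two bug classes quoted above, a multiplication that wraps before allocation and a copy that does not check input size, can be shown side by side with their checked forms. This is an added illustration, not Qualcomm's or Google's code; the struct, function names and sample values are hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical header fields taken from untrusted input (constructed for this example). */
struct frame_hdr { uint32_t count; uint32_t elem_size; };

/* Unchecked pattern: the 32-bit product wraps modulo 2^32, so the size
 * handed to an allocator can be far smaller than count * elem_size. */
uint32_t size_unchecked(const struct frame_hdr *h)
{
    return (uint32_t)(h->count * h->elem_size);
}

/* Checked pattern: compute in 64 bits (a 32x32 product always fits),
 * then reject zero and anything above the caller's cap. */
int size_checked(const struct frame_hdr *h, size_t max_bytes, size_t *out)
{
    uint64_t total = (uint64_t)h->count * h->elem_size;
    if (total == 0 || total > max_bytes)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Bounded copy: refuse input longer than the destination. */
int copy_checked(uint8_t *dst, size_t dst_len, const uint8_t *src, size_t src_len)
{
    if (dst == NULL || src == NULL || src_len > dst_len)
        return -1;
    memcpy(dst, src, src_len);
    return 0;
}

int main(void)
{
    struct frame_hdr h = { 0x40000001u, 4u };   /* constructed sample values */
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)size_unchecked(&h));
    printf("checked: %s\n", size_checked(&h, 1u << 20, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the constructed header, the unchecked product wraps to a 4-byte size while the checked version rejects the request outright.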
Qualcomm credited a number of researchers for discovering vulnerabilities, including Haikuo Xie of Huawei Security, Ying Wang of Baidu Security Lab, and Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud. Other credited bug hunters included Ben Hawkes of Google Project Zero and researcher Nick Landers.