Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0124 Android Security Bulletin - June 2018 5 June 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Android Operating System: Android Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-9409 CVE-2018-9373 CVE-2018-9372 CVE-2018-9371 CVE-2018-9370 CVE-2018-9369 CVE-2018-9368 CVE-2018-9367 CVE-2018-9366 CVE-2018-9364 CVE-2018-9363 CVE-2018-9362 CVE-2018-9361 CVE-2018-9360 CVE-2018-9359 CVE-2018-9358 CVE-2018-9357 CVE-2018-9356 CVE-2018-9355 CVE-2018-9348 CVE-2018-9347 CVE-2018-9346 CVE-2018-9345 CVE-2018-9344 CVE-2018-9341 CVE-2018-9340 CVE-2018-9339 CVE-2018-9338 CVE-2018-5896 CVE-2018-5894 CVE-2018-5892 CVE-2018-5891 CVE-2018-5885 CVE-2018-5884 CVE-2018-5854 CVE-2018-5835 CVE-2018-5834 CVE-2018-5831 CVE-2018-5830 CVE-2018-5829 CVE-2018-5146 CVE-2018-3569 CVE-2017-18159 CVE-2017-18158 CVE-2017-18157 CVE-2017-18156 CVE-2017-18155 CVE-2017-17807 CVE-2017-17806 CVE-2017-17558 CVE-2017-13230 CVE-2017-13227 CVE-2017-13077 CVE-2017-6294 CVE-2017-6292 CVE-2017-6290 Member content until: Thursday, July 5 2018 Reference: ASB-2018.0060 ESB-2018.1441 ESB-2018.1321 ESB-2018.0776 ESB-2018.0775 ESB-2018.0774 OVERVIEW Multiple vulnerabilities have been identified in Android prior to versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. [1] IMPACT The vendor has provided the following information: "2018-06-01 security patch level vulnerability details In the sections below, we provide details for each of the security vulnerabilities that apply to the 2018-06-01 patch level. Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Framework The most severe vulnerability in this section could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions. CVE References Type Severity Updated AOSP versions CVE-2018-9338 A-71361168 EoP High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9339 A-71508348 EoP High 8.0, 8.1 CVE-2017-13227 A-69981710 ID High 8.0, 8.1 CVE-2018-9340 A-71360999 ID High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 Media framework The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. CVE References Type Severity Updated AOSP versions CVE-2018-9341 A-74016277 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-5146 A-77284393 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2017-13230 A-65483665 RCE Critical 6.0 CVE-2018-9344 A-73172817 EoP High 8.1 CVE-2018-9345 A-77238250 ID High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9346 A-77238762 ID High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9347 A-68664359 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9348 A-68953854 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 System The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. CVE References Type Severity Updated AOSP versions CVE-2018-9355 A-74016921 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9356 A-74950468 RCE Critical 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9357 A-74947856 EoP High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9358 A-73172115 ID High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9359 A-74196706 ID High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9360 A-74201143 ID High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9361 A-74202041 ID High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 CVE-2018-9362 A-72298611 DoS High 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 2018-06-05 security patch level--Vulnerability details In the sections below, we provide details for each of the security vulnerabilities that apply to the 2018-06-05 patch level. Vulnerabilities are grouped under the component that they affect and include details such as the CVE, associated references, type of vulnerability, severity, component (where applicable), and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Kernel components The most severe vulnerability in this section could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE References Type Severity Component CVE-2018-9363 A-65853588* EoP High bluetooth CVE-2017-17806 A-71752561 EoP High crypto Upstream kernel CVE-2017-17807 A-71751178 EoP High Keyring Upstream kernel CVE-2017-17558 A-71751622 EoP High USB Upstream kernel LG components The most severe vulnerability in this section could enable a local attacker to bypass user interaction requirements in order to gain access to additional permissions. CVE References Type Severity Component CVE-2018-9364 A-69163111* EoP Critical Bootloader Media framework The most severe vulnerability in this section could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions. CVE References Type Severity Updated AOSP versions CVE-2018-9409 A-63144992 EoP High 8.1 QC-CR#2114346 MediaTek components The most severe vulnerability in this section could enable a remote attacker to execute arbitrary code within the context of the TCB. CVE References Type Severity Component CVE-2018-9373 A-71867247* EoP Critical Mediatek WLAN TDLS M-ALPS03740330 CVE-2018-9366 A-72314499* EoP High IMSA M-ALPS03762526 CVE-2018-9367 A-72314219* EoP High Cameratool CCAP M-ALPS03762692 CVE-2018-9368 A-70727446* EoP High mtksocaudio M-ALPS03730693 CVE-2018-9369 A-70514573* EoP High bootloader M-ALPS03666161 CVE-2018-9370 A-70515281* EoP High bootloader M-ALPS03693488 CVE-2018-9371 A-70515752* EoP High Bootloader M-ALPS03683903 CVE-2018-9372 A-70730215* EoP High bootloader M-ALPS03676237 NVIDIA components The most severe vulnerability in this section could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE References Type Severity Component CVE-2017-6290 A-69559414* EoP High TLK TrustZone N-200373895 CVE-2017-6294 A-69316825* EoP High NVIDIA Tegra X1 TZ N-200369095 CVE-2017-6292 A-69480285* EoP High TLZ TrustZone N-200373888 Qualcomm components The most severe vulnerability in this section could enable a local attacker to bypass user interaction requirements in order to gain access to additional permissions. CVE References Type Severity Component CVE-2017-18158 A-68992400 EoP Critical Bootloader QC-CR#2104056 CVE-2018-3569 A-74237215 EoP Critical WLAN Host QC-CR#2161920 CVE-2017-18155 A-66734153* RCE Critical Hardware QC-CR#1050893 codec CVE-2018-5854 A-71800779 EoP Critical Bootloader QC-CR#2183877 CVE-2017-13077 A-63165064* EoP High WLAN CVE-2018-5896 A-70399602* ID High Diag driver QC-CR#2163793 CVE-2018-5829 A-74237546 ID High WLAN QC-CR#2151241 A-68992405 CVE-2017-18159 QC-CR#2105697 EoP High Bootloader CVE-2017-18158 A-67782849* EoP High Bootloader QC-CR#2104056 CVE-2018-5835 A-74237148 EoP High WLAN Host QC-CR#2153553 CVE-2018-5834 A-74237804 EoP High WLAN QC-CR#2153326 CVE-2018-5831 A-74237606 EoP High GPU driver QC-CR#2161310 CVE-2018-5830 A-74237532 EoP High WLAN Host QC-CR#2157917 Qualcomm closed-source components These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm AMSS security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm. CVE References Type Severity Component CVE-2017-18157 A-73539080* N/A High Closed-source component CVE-2017-18156 A-73539065* N/A High Closed-source component CVE-2018-5892 A-72951191* N/A High Closed-source component CVE-2018-5891 A-72950815* N/A High Closed-source component CVE-2018-5885 A-72950554* N/A High Closed-source component CVE-2018-5894 A-74236854* N/A High Closed-source component CVE-2018-5884 A-74235510* N/A High Closed-source component"[1] MITIGATION Android users are advised to update to the latest versions to address these issues. [1] REFERENCES [1] Android Security Bulletin - June 2018 https://source.android.com/security/bulletin/2018-06-01 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWxXoqWaOgq3Tt24GAQhUEBAAsX1lEtQO99QJp4kkVj03G6bnUzSmqaw4 FSazrxpl5rDOPikp4jkdypdeSzmEI7Cssye9F+8C5IicA1WLG6NQEtAoCWm8N0IM 3yZCIweCxMF1YBco+ELp50KN2jQ8TahyzHx6uTUS7zjxU5QFKf8kAVxXJBHDOi9K PBksxNuCcSd2z5U2L3NiVlQQdsoQErZeUZdCkkGkNS0u21z77xx23nweK83HnOl4 rgDXgNZHjB942yt3jmobcjMO2887E3bcKV5yIfqXuq3owSIjTb5NxVqQ9eHQ7ajH OdwlfU15CO65XFeAk7UPihcZTa2Q7XSnmteYjNkHfjETDxww7Oq5K8FB4C7P8Gmk i1ZVh+gJCGpeZY3clBajqxCPWInXazYomzn7JuCdQDGJhRXSuJpn/G+NMLzlDz76 UY/Yi1Kgaf3ZdMN8eKzHCfNTiG36KOOWmtJJXkuAz2ihk6UyjTpJEy/ER7KFybNH J5ffO54Au/rSe7qXzIKI4Kp6czK+D+zw6gLGnSXdYuOS3hhFxK09kCyxEzAffNGc ZDVsO9c1g3Jd+zGq0Up5XvFYmjbQhddfxpXeIa8V7NWB/hGkaK36EYEU4t5KxvkO 5QxzfEgqhRG4gaXLswaRmmfteYMDE8xs8x/N5wsVdX8BlZKSsIzQRP14j4zW23+m gA3U6tX6dsQ= =6dO1 -----END PGP SIGNATURE-----