Google patches latest Quadrooter vulnerabilities in Android
Google has patched the remaining Quadrooter vulnerabilities in another round of updates, the company writes in its latest security bulletin. Until now, two of the four vulnerabilities had remained unpatched. Google has also explained how it mitigates the Stagefright vulnerability in Nougat.
The newly closed vulnerabilities are CVE-2016-5340 and CVE-2016-2059, according to Google's bulletin. The first was in the Android memory allocation subsystem and allowed an attacker to execute arbitrary code. The second was in the ipc_router, which handles communication between Qualcomm components. Both belong to the set of four vulnerabilities collectively known as Quadrooter.
They were discovered in August by the security company Check Point and are located in the Qualcomm drivers for Android. Check Point's initial estimate was that the vulnerabilities would affect "hundreds of millions" of devices, but Google later contradicted this: devices with Android 4.2 or higher are protected by the 'Verify Apps' function, Google stated, even though the vulnerabilities themselves remain present on those devices. Initially, three of the four Quadrooter vulnerabilities were reported as already patched, but it was not yet known when a patch would be released for two of them.
In addition, in a post from the Android security team, Google explained how the Stagefright vulnerability, which actually consists of several vulnerabilities, has been addressed in the latest Nougat version of Android. The team says it rebuilt the media server for this purpose. In 2015 it was revealed that Stagefright resided in this part of Android and allowed an attacker to execute code on a victim's device, for example via a specially crafted MMS message.
To counter such attacks, Nougat adds a mechanism that detects integer overflows, which can otherwise lead to the execution of malicious code. As soon as an overflow is detected, Android terminates the affected process, the security team explains. In addition, the media stack has been split into separate components, each running in its own sandbox with limited privileges. An attacker who compromises one component therefore gains only limited access, and attacking the kernel becomes harder.
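The overflow class the Nougat hardening targets is the size arithmetic a media parser does before allocating a buffer. The following is an added illustration, not code from Android or from Google's post: it uses a constructed table-box layout (16-byte header, 12-byte entries, 32-bit sizes) and contrasts the wrapping computation with a hand-written check using the GCC/Clang overflow builtins, which refuses the input rather than continuing on a wrapped size.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (hypothetical, for illustration): a table box with a
   16-byte header followed by `entry_count` fixed 12-byte entries. Sizes are
   32-bit to mirror a 32-bit parser, where the arithmetic wraps silently. */
#define BOX_HEADER_LEN 16u
#define ENTRY_LEN      12u

/* Unchecked size computation. With a large entry_count the multiplication
   wraps modulo 2^32, so the allocation is far smaller than the data a later
   copy loop writes into it: the classic undersized-buffer condition. */
uint32_t unchecked_alloc_size(uint32_t entry_count) {
    return entry_count * ENTRY_LEN + BOX_HEADER_LEN;
}

/* Checked variant: every intermediate result is tested for wraparound.
   Returns false on overflow instead of producing a wrapped value. */
bool checked_alloc_size(uint32_t entry_count, uint32_t *out) {
    uint32_t entries_bytes, total;
    if (__builtin_mul_overflow(entry_count, ENTRY_LEN, &entries_bytes))
        return false;
    if (__builtin_add_overflow(entries_bytes, BOX_HEADER_LEN, &total))
        return false;
    *out = total;
    return true;
}

/* Parser entry point: returns the byte count to allocate, or -1 when the
   declared count is not representable. The caller treats -1 as a malformed
   file and stops; Nougat's compiler-inserted checks go one step further and
   terminate the process, as the article describes. */
int64_t parse_table_box(uint32_t entry_count) {
    uint32_t total;
    if (!checked_alloc_size(entry_count, &total)) {
        fprintf(stderr, "table box: %" PRIu32 " entries overflows 32-bit size, rejecting\n",
                entry_count);
        return -1;
    }
    return (int64_t)total;
}

int main(void) {
    uint32_t hostile = 0x40000000u; /* 2^30 entries: 12 * 2^30 = 3 * 2^32 wraps to 0 */
    printf("unchecked size: %" PRIu32 " bytes\n", unchecked_alloc_size(hostile));
    printf("checked result: %" PRId64 "\n", parse_table_box(hostile));
    printf("benign 1000 entries: %" PRId64 " bytes\n", parse_table_box(1000u));
    return 0;
}
```

The unchecked path reports 16 bytes for a billion entries, which is exactly the kind of result the Nougat overflow detection turns into a process abort instead of a silent allocation.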
Other improvements were made in Verified Boot, which prevents tampered devices from booting, and in ASLR, which makes buffer overflow attacks more difficult.