Google has released its monthly set of Android patches for July, a release that includes fixes for many, many remote-code execution vulnerabilities, the highlight of which is a serious bug in some Broadcom chipsets that affects a lot of Android devices, as well as some iPhones.
That vulnerability, which is known as Broadpwn, will be detailed at the Black Hat conference later this month, and the specifics of it aren’t yet public. But Google said in its advisory that the bug could allow an attacker to run code with kernel privileges. The flaw affects several Broadcom chipsets that are used in a number of different types of devices from several manufacturers.
“Meet Broadpwn, a vulnerability in Broadcom’s Wi-Fi chipsets which affects millions of Android and iOS devices, and can be triggered remotely, without user interaction. The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices – from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices,” the abstract for the Black Hat talk by Nitay Artenstein says.
Among the other critical vulnerabilities fixed in the Android release are a long list of flaws in the media framework in the operating system. One of the bugs is an issue with the way the framework handles some specific files.
“A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process,” the vulnerability description says.
As it has been doing for several months now, Google separated July’s patches into two distinct streams. The July 1 patch level has patches for vulnerabilities in the Android runtime, media framework, libraries, and system UI. The July 5 stream includes several dozen more patches, most notably the one for the Broadpwn flaw, as well as two other vulnerabilities in Broadcom components.
Image from Bianca Moraes, CC by license