Como era de esperarse, la gigante de Internet Google no quiso atrasarse en cuanto las mejoras de seguridad de Android y de nuevo tenemos el nuevo boletín de seguridad correspondiente para el mes de Enero.
Varios huecos fueron identificados en Diciembre y es que según el más reciente boletín de seguridad para Android de parte de Google, se cubrieron varias anomalías identificadas para lograr acceso remoto en equipos de Android, siendo una en particular, capaz de manifestase a través de email, MMS o simplemente entrando a una página de Internet dinámica.
El nivel de parchos efectivos el primero de Enero incluye lo siguiente:
| Issue | CVE | Severity | Affects Google devices? |
|---|---|---|---|
| Remote code execution vulnerability in Mediaserver | CVE-2017-0381 | Critical | Yes |
| Remote code execution vulnerability in c-ares | CVE-2016-5180 | High | Yes |
| Remote code execution vulnerability in Framesequence | CVE-2017-0382 | High | Yes |
| Elevation of privilege vulnerability in Framework APIs | CVE-2017-0383 | High | Yes |
| Elevation of privilege vulnerability in Audioserver | CVE-2017-0384, CVE-2017-0385 | High | Yes |
| Elevation of privilege vulnerability in libnl | CVE-2017-0386 | High | Yes |
| Elevation of privilege vulnerability in Mediaserver | CVE-2017-0387 | High | Yes |
| Information disclosure vulnerability in External Storage Provider | CVE-2017-0388 | High | Yes |
| Denial of service vulnerability in core networking | CVE-2017-0389 | High | Yes |
| Denial of service vulnerability in Mediaserver | CVE-2017-0390, CVE-2017-0391, CVE-2017-0392, CVE-2017-0393 | High | Yes |
| Denial of service vulnerability in Telephony | CVE-2017-0394 | High | Yes |
| Elevation of privilege vulnerability in Contacts | CVE-2017-0395 | Moderate | Yes |
| Information disclosure vulnerability in Mediaserver | CVE-2017-0396, CVE-2017-0397 | Moderate | Yes |
| Information disclosure vulnerability in Audioserver | CVE-2017-0398, CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402 | Moderate | Yes |
Mientras que el efectivo para el 5 de Enero incluye:
| Issue | CVE | Severity | Affects Google devices? |
|---|---|---|---|
| Elevation of privilege vulnerability in kernel memory subsystem | CVE-2015-3288 | Critical | Yes |
| Elevation of privilege vulnerability in Qualcomm bootloader | CVE-2016-8422, CVE-2016-8423 | Critical | Yes |
| Elevation of privilege vulnerability in kernel file system | CVE-2015-5706 | Critical | No* |
| Elevation of privilege vulnerability in NVIDIA GPU driver | CVE-2016-8424, CVE-2016-8425, CVE-2016-8426, CVE-2016-8482, CVE-2016-8427, CVE-2016-8428, CVE-2016-8429, CVE-2016-8430, CVE-2016-8431, CVE-2016-8432 | Critical | Yes |
| Elevation of privilege vulnerability in MediaTek driver | CVE-2016-8433 | Critical | No* |
| Elevation of privilege vulnerability in Qualcomm GPU driver | CVE-2016-8434 | Critical | Yes |
| Elevation of privilege vulnerability in NVIDIA GPU driver | CVE-2016-8435 | Critical | Yes |
| Elevation of privilege vulnerability in Qualcomm video driver | CVE-2016-8436 | Critical | No* |
| Vulnerabilities in Qualcomm components | CVE-2016-5080, CVE-2016-8398, CVE-2016-8437, CVE-2016-8438, CVE-2016-8439, CVE-2016-8440, CVE-2016-8441, CVE-2016-8442, CVE-2016-8443, CVE-2016-8459 | Critical | No* |
| Elevation of privilege vulnerability in Qualcomm camera | CVE-2016-8412, CVE-2016-8444 | High | Yes |
| Elevation of privilege vulnerability in MediaTek components | CVE-2016-8445, CVE-2016-8446, CVE-2016-8447, CVE-2016-8448 | High | No* |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | CVE-2016-8415 | High | Yes |
| Elevation of privilege vulnerability in NVIDIA GPU driver | CVE-2016-8449 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm sound driver | CVE-2016-8450 | High | Yes |
| Elevation of privilege vulnerability in Synaptics touchscreen driver | CVE-2016-8451 | High | No* |
| Elevation of privilege vulnerability in kernel security subsystem | CVE-2016-7042 | High | Yes |
| Elevation of privilege vulnerability in kernel performance subsystem | CVE-2017-0403 | High | Yes |
| Elevation of privilege vulnerability in kernel sound subsystem | CVE-2017-0404 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | CVE-2016-8452 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm radio driver | CVE-2016-5345 | High | Yes |
| Elevation of privilege vulnerability in kernel profiling subsystem | CVE-2016-9754 | High | Yes |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | CVE-2016-8453, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457 | High | Yes |
| Elevation of privilege vulnerability in Synaptics touchscreen driver | CVE-2016-8458 | High | Yes |
| Information disclosure vulnerability in NVIDIA video driver | CVE-2016-8460 | High | Yes |
| Information disclosure vulnerability in bootloader | CVE-2016-8461, CVE-2016-8462 | High | Yes |
| Denial of service vulnerability in Qualcomm FUSE file system | CVE-2016-8463 | High | No* |
| Denial of service vulnerability in bootloader | CVE-2016-8467 | High | Yes |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | CVE-2016-8464, CVE-2016-8465, CVE-2016-8466 | Moderate | Yes |
| Elevation of privilege vulnerability in bootloader | CVE-2016-8467 | Moderate | Yes |
| Elevation of privilege vulnerability in Binder | CVE-2016-8468 | Moderate | Yes |
| Information disclosure vulnerability in NVIDIA camera driver | CVE-2016-8469 | Moderate | Yes |
| Information disclosure vulnerability in MediaTek driver | CVE-2016-8470, CVE-2016-8471, CVE-2016-8472 | Moderate | No* |
| Information disclosure vulnerability in STMicroelectronics driver | CVE-2016-8473, CVE-2016-8474 | Moderate | Yes |
| Information disclosure vulnerability in Qualcomm audio post processor | CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402 | Moderate | Yes |
| Information disclosure vulnerability in HTC input driver | CVE-2016-8475 | Moderate | Yes |
| Denial of service vulnerability in kernel file system | CVE-2014-9420 | Moderate | Yes |
Como ha sido la costumbre, se espera que Google cuente con el apoyo de proveedoras y manufactureros que se dejen llevar con los boletines, pero puedo contar con los dedos las empresas que mantienen consistencia por X o Y razón y al menos, la gigante de Internet no obliga a adoptar los boletines por el momento.
