As usual, Google has announced the changes and security holes it has covered and worked on since last January, and here is what Android devices will now be protected against.
Among the notable flaws, Google and Qualcomm continue working on the manufacturer's drivers, and in this case a remote code execution vulnerability was found in the cryptography driver.
This one and a kernel-level flaw, in which a malicious user could escalate privileges through applications, were the most serious flaws according to independent developers.

Patches effective February 1

Issue | CVE | Severity | Affects Google devices? |
---|---|---|---|
Remote code execution vulnerability in Surfaceflinger | CVE-2017-0405 | Critical | Yes |
Remote code execution vulnerability in Mediaserver | CVE-2017-0406, CVE-2017-0407 | Critical | Yes |
Remote code execution vulnerability in libgdx | CVE-2017-0408 | High | Yes |
Remote code execution vulnerability in libstagefright | CVE-2017-0409 | High | Yes |
Elevation of privilege vulnerability in Java.Net | CVE-2016-5552 | High | Yes |
Elevation of privilege vulnerability in Framework APIs | CVE-2017-0410, CVE-2017-0411, CVE-2017-0412 | High | Yes |
Elevation of privilege vulnerability in Mediaserver | CVE-2017-0415 | High | Yes |
Elevation of privilege vulnerability in Audioserver | CVE-2017-0416, CVE-2017-0417, CVE-2017-0418, CVE-2017-0419 | High | Yes |
Information disclosure vulnerability in AOSP Mail | CVE-2017-0420 | High | Yes |
Information disclosure vulnerability in AOSP Messaging | CVE-2017-0413, CVE-2017-0414 | High | Yes |
Information disclosure vulnerability in Framework APIs | CVE-2017-0421 | High | Yes |
Denial of service vulnerability in Bionic DNS | CVE-2017-0422 | High | Yes |
Elevation of privilege vulnerability in Bluetooth | CVE-2017-0423 | Moderate | Yes |
Information disclosure vulnerability in AOSP Messaging | CVE-2017-0424 | Moderate | Yes |
Information disclosure vulnerability in Audioserver | CVE-2017-0425 | Moderate | Yes |
Information disclosure vulnerability in Filesystem | CVE-2017-0426 | Moderate | Yes |

Patches effective February 5

Issue | CVE | Severity | Affects Google devices? |
---|---|---|---|
Remote code execution vulnerability in Qualcomm crypto driver | CVE-2016-8418 | Critical | No* |
Elevation of privilege vulnerability in kernel file system | CVE-2017-0427 | Critical | Yes |
Elevation of privilege vulnerability in NVIDIA GPU driver | CVE-2017-0428, CVE-2017-0429 | Critical | Yes |
Elevation of privilege vulnerability in kernel networking subsystem | CVE-2014-9914 | Critical | Yes |
Elevation of privilege vulnerability in Broadcom Wi-Fi driver | CVE-2017-0430 | Critical | Yes |
Vulnerabilities in Qualcomm components | CVE-2017-0431 | Critical | No* |
Elevation of privilege vulnerability in MediaTek driver | CVE-2017-0432 | High | No* |
Elevation of privilege vulnerability in Synaptics touchscreen driver | CVE-2017-0433, CVE-2017-0434 | High | Yes |
Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver | CVE-2016-8480 | High | Yes |
Elevation of privilege vulnerability in Qualcomm sound driver | CVE-2016-8481, CVE-2017-0435, CVE-2017-0436 | High | Yes |
Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421, CVE-2017-0440, CVE-2017-0441, CVE-2017-0442, CVE-2017-0443, CVE-2016-8476 | High | Yes |
Elevation of privilege vulnerability in Realtek sound driver | CVE-2017-0444 | High | Yes |
Elevation of privilege vulnerability in HTC touchscreen driver | CVE-2017-0445, CVE-2017-0446, CVE-2017-0447 | High | Yes |
Information disclosure vulnerability in NVIDIA video driver | CVE-2017-0448 | High | Yes |
Elevation of privilege vulnerability in Broadcom Wi-Fi driver | CVE-2017-0449 | Moderate | Yes |
Elevation of privilege vulnerability in Audioserver | CVE-2017-0450 | Moderate | Yes |
Elevation of privilege vulnerability in kernel file system | CVE-2016-10044 | Moderate | Yes |
Information disclosure vulnerability in Qualcomm Secure Execution Environment Communicator | CVE-2016-8414 | Moderate | Yes |
Information disclosure vulnerability in Qualcomm sound driver | CVE-2017-0451 | Moderate | Yes |

Making its debut this month, Canada's BlackBerry also submitted improvements and notifications to Google regarding flaws that allow elevation of privilege and remote code execution, and these have already been included for BlackBerry-branded Android devices as well.