The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability announcement: CVE-2016-0834, CVE-2016-0835, CVE-2016-0836

Google Android OS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Android OS.
Vulnerable products: Android OS.
Severity of this weakness: 4/4.
Consequences of a hack: user access/rights, data reading, denial of service on client.
Hacker's origin: document.
Number of vulnerabilities in this bulletin: 36.
Creation date: 05/04/2016.
References of this bulletin: 706, 711, CERTFR-2016-AVI-113, CVE-2016-0834, CVE-2016-0835, CVE-2016-0836, CVE-2016-0837, CVE-2016-0838, CVE-2016-0839, CVE-2016-0840, CVE-2016-0841, CVE-2016-0842, CVE-2016-0843, CVE-2016-0844, CVE-2016-0846, CVE-2016-0847, CVE-2016-0848, CVE-2016-0849, CVE-2016-0850, CVE-2016-1503, CVE-2016-2409, CVE-2016-2410, CVE-2016-2411, CVE-2016-2412, CVE-2016-2413, CVE-2016-2414, CVE-2016-2415, CVE-2016-2416, CVE-2016-2417, CVE-2016-2418, CVE-2016-2419, CVE-2016-2420, CVE-2016-2421, CVE-2016-2422, CVE-2016-2423, CVE-2016-2424, CVE-2016-2425, CVE-2016-2426, CVE-2016-2427, VIGILANCE-VUL-19302.

Description of the vulnerability

Several vulnerabilities were announced in Google Android OS.

An attacker can use a vulnerability in DHCPCD, in order to run code. [severity:4/4; CVE-2016-1503]

An attacker can use a vulnerability in Media Codec, in order to run code. [severity:4/4; CVE-2016-0834]

An attacker can use a vulnerability in Mediaserver, in order to run code. [severity:4/4; CVE-2016-0835]

An attacker can use a vulnerability in Mediaserver, in order to run code. [severity:4/4; CVE-2016-0836]

An attacker can use a vulnerability in Mediaserver, in order to run code. [severity:4/4; CVE-2016-0837]

An attacker can use a vulnerability in Mediaserver, in order to run code. [severity:4/4; CVE-2016-0838]

An attacker can use a vulnerability in Mediaserver, in order to run code. [severity:4/4; CVE-2016-0839]

An attacker can use a vulnerability in Mediaserver, in order to run code. [severity:4/4; CVE-2016-0840]

An attacker can use a vulnerability in Mediaserver, in order to run code. [severity:4/4; CVE-2016-0841]

An attacker can use a vulnerability in libstagefright, in order to run code. [severity:4/4; CVE-2016-0842]

An attacker can bypass security features in Qualcomm Performance Module, in order to escalate his privileges. [severity:4/4; CVE-2016-0843]

An attacker can bypass security features in Qualcomm RF Component, in order to escalate his privileges. [severity:4/4; CVE-2016-0844]

An attacker can bypass security features in IMemory Native Interface, in order to escalate his privileges. [severity:3/4; CVE-2016-0846]

An attacker can bypass security features in Telecom Component, in order to escalate his privileges. [severity:3/4; CVE-2016-0847]

An attacker can bypass security features in Download Manager, in order to escalate his privileges. [severity:3/4; CVE-2016-0848]

An attacker can bypass security features in Recovery Procedure, in order to escalate his privileges. [severity:3/4; CVE-2016-0849]

An attacker can bypass security features in Bluetooth, in order to escalate his privileges. [severity:3/4; CVE-2016-0850]

An attacker can bypass security features in Texas Instruments Haptic Driver, in order to escalate his privileges. [severity:3/4; CVE-2016-2409]

An attacker can bypass security features in Video Kernel Driver, in order to escalate his privileges. [severity:3/4; CVE-2016-2410]

An attacker can bypass security features in Qualcomm Power Management Component, in order to escalate his privileges. [severity:3/4; CVE-2016-2411]

An attacker can bypass security features in System_server, in order to escalate his privileges. [severity:3/4; CVE-2016-2412]

An attacker can bypass security features in Mediaserver, in order to escalate his privileges. [severity:3/4; CVE-2016-2413]

An attacker can trigger a fatal error in Minikin, in order to trigger a denial of service. [severity:2/4; CVE-2016-2414]

An attacker can bypass security features in Exchange ActiveSync, in order to obtain sensitive information. [severity:3/4; CVE-2016-2415]

An attacker can bypass security features in Mediaserver, in order to obtain sensitive information. [severity:3/4; CVE-2016-2416]

An attacker can bypass security features in Mediaserver, in order to obtain sensitive information. [severity:3/4; CVE-2016-2417]

An attacker can bypass security features in Mediaserver, in order to obtain sensitive information. [severity:3/4; CVE-2016-2418]

An attacker can bypass security features in Mediaserver, in order to obtain sensitive information. [severity:3/4; CVE-2016-2419]

An attacker can bypass security features in Debuggerd Component, in order to escalate his privileges. [severity:2/4; CVE-2016-2420]

An attacker can bypass security features in Setup Wizard, in order to escalate his privileges. [severity:2/4; CVE-2016-2421]

An attacker can bypass security features in Wi-Fi, in order to escalate his privileges. [severity:2/4; CVE-2016-2422]

An attacker can bypass security features in Telephony, in order to escalate his privileges. [severity:2/4; CVE-2016-2423]

An attacker can trigger a fatal error in SyncStorageEngine, in order to trigger a denial of service. [severity:2/4; CVE-2016-2424]

An attacker can bypass security features in AOSP Mail, in order to obtain sensitive information. [severity:2/4; CVE-2016-2425]

An attacker can bypass security features in Framework, in order to obtain sensitive information. [severity:2/4; CVE-2016-2426]

An attacker can bypass security features in BouncyCastle, in order to obtain sensitive information. [severity:2/4; CVE-2016-2427]