Android "QuadRooter" Multiple Vulnerabilities
Last Update Date:
8 Sep 2016
Release Date:
9 Aug 2016
7371
Views
RISK: Extremely High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple Vulnerabilities have been identified in Android, also known as "QuadRooter", which could be exploited by an attacker to cause elevation of privilege, security restriction bypass and sensitive information disclosure on the targeted system.
Notes: The chipset manufacturer Qualcomm has fixed the vulnerabilities for the chipset driver, but patch by device manufacturer is currently unavailable.
Impact
- Elevation of Privilege
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Android devices using Qualcomm chipsets. For details, please refer to the list on the following webpage:
http://blog.checkpoint.com/2016/08/07/quadrooter/
Solutions
- Device patch
- No device manufacturer provides the patches for all vulnerabilities.
- The chipset manufacturer Qualcomm has fixed the vulnerabilities for the chipset driver, but it required individual device manufacturer to release the patch to their devices.
- Please note that when vendor patch will be released is determined by device manufacturer. Please contact your device manufacturer for details.
- Check Point has released a tool to check whether an Android device was affected by the vulnerabilities:
https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter - Attackers may trick users to install malicious apps to exploit the vulnerabilities.
Do not install unknown apps, and must ensure that you download and install apps from trusted app store. - Updated on 2016-09-08:
Google has released fixes for two remaining vulnerabilities (CVE-2016-2059 and CVE-2016-5340).https://groups.google.com/forum/#!forum/android-security-updates
Vulnerability Identifier
Source
Related Link
Share with