Skip to main content

Android "QuadRooter" Multiple Vulnerabilities

Last Update Date: 8 Sep 2016 Release Date: 9 Aug 2016 7371 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

Multiple Vulnerabilities have been identified in Android, also known as "QuadRooter", which could be exploited by an attacker to cause elevation of privilege, security restriction bypass and sensitive information disclosure on the targeted system.

 

Notes: The chipset manufacturer Qualcomm has fixed the vulnerabilities for the chipset driver, but patch by device manufacturer is currently unavailable.


Impact

  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected


Solutions

  • Device patch
    • No device manufacturer provides the patches for all vulnerabilities.
    • The chipset manufacturer Qualcomm has fixed the vulnerabilities for the chipset driver, but it required individual device manufacturer to release the patch to their devices.
    • Please note that when vendor patch will be released is determined by device manufacturer. Please contact your device manufacturer for details.
  • Check Point has released a tool to check whether an Android device was affected by the vulnerabilities:
    https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter
  • Attackers may trick users to install malicious apps to exploit the vulnerabilities.
    Do not install unknown apps, and must ensure that you download and install apps from trusted app store.
  • Updated on 2016-09-08:
    Google has released fixes for two remaining vulnerabilities (CVE-2016-2059 and CVE-2016-5340).

    https://groups.google.com/forum/#!forum/android-security-updates

 


Vulnerability Identifier


Source


Related Link