Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same Wi-Fi network, if the devices have Broadcom chips.
The two critical vulnerabilities are located in the Broadcom Wi-Fi driver and can be exploited by sending specially crafted wireless control packets to the affected devices. These messages could corrupt the kernel’s memory and allow for the execution of arbitrary code in the kernel—the highest privileged area of the operating system.
These flaws are critical because the attack doesn’t require any user interaction, can be exploited remotely and can lead to a complete device compromise.
The driver for Wi-Fi chips from Qualcomm also had a critical vulnerability that could result in arbitrary code execution with kernel privileges. However, it could only be exploited by a locally installed application.
Finally, a third vulnerability was located in the Wi-Fi component and could be exploited by a local application to execute code with system privileges. This vulnerability was rated as high.
Google’s new patches also fix two critical remote code execution vulnerabilities in mediaserver, a component that handles audio and video file parsing, one critical flaw in Qualcomm’s performance event manager component for ARM processors and one in the Debugger daemon component.
The vulnerabilities in the Qualcomm performance module and Debuggerd could be exploited by local applications and the flaw in mediaserver could be exploited through specially crafted media files loaded from websites or embedded into multimedia messages.
The company also fixed high-impact vulnerabilities in libraries including mediaserver and libmediaplayerservice, and two moderate flaws in setup wizard. These flaws could lead to denial of service, information disclosure, privilege escalation and security bypasses.
Google shared information about these flaws with its OEM partners on Jan. 4 and released firmware updates for its Nexus devices Monday. Android firmware that incorporates these fixes should have a security patch level string of February 1, 2016 or later.
The company will also publish these patches to the Android Open Source Project so that other Android-based operating systems such as CyanogenMod can integrate them.