The December Security Bulletin contains the 68 patches for the vulnerabilities from Google. The most severe of these vulnerabilities is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files. The security patch level is [2016-12-01] and the patches contains the fix for the 67 CVE items and the 1 LVE items. The LG vulnerabilities and exposures (LVE) items are described in detail below.
Security issues Summary
CVE Items from Google patch (Android Bulletin December 2016)
critical:
CVE-2016-3862, CVE-2016-6727, CVE-2016-6725, CVE-2016-6726, CVE-2016-6728, CVE-2016-6729, CVE-2016-6828, CVE-2016-2184, CVE-2016-7910, CVE-2016-7911, CVE-2015-8961, CVE-2015-8962, CVE-2016-7912, CVE-2016-7913, CVE-2016-6737, CVE-2013-7446
high:
CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-6762, CVE-2015-6621, CVE-2016-6704, CVE-2016-6763, CVE-2016-6764, CVE-2016-6765, CVE-2016-6766, CVE-2016-6767, CVE-2016-6768, CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2015-1283, CVE-2016-6754, CVE-2014-9675, CVE-2016-6136, CVE-2016-6738, CVE-2016-6739, CVE-2016-6740, CVE-2016-6741, CVE-2016-3904, CVE-2016-6742, CVE-2016-6743, CVE-2016-6744, CVE-2016-6745, CVE-2015-8963, CVE-2014-9874, CVE-2016-3850, CVE-2016-7914, CVE-2015-8964, CVE-2016-7915, CVE-2016-7916
moderate:
CVE-2016-6769, CVE-2016-6770, CVE-2016-6771, CVE-2016-6772, CVE-2016-6773, CVE-2016-6774, CVE-2016-6748, CVE-2016-6749, CVE-2016-6750, CVE-2016-3906, CVE-2016-3907, CVE-2016-6698, CVE-2016-6751, CVE-2016-6752, CVE-2016-6753, CVE-2016-7917, CVE-2016-7917
LG Vulnerabilities and Exposures(LVE) Items from LG
high:
LVE-SMP-160010
Security issues Details
You can see the detail information on Google patches from Android Security Bulletin site.There is a description of the security issue, a severity, affected devices information and date reported.
LVE-SMP-160010 : LG CloudHub vulnerabilities
Severity : High
Date reported : Jul-07-2016
Affected device Informaion : L(5.0/5.1), M(6.0)
Description :
When the LG cloudhub opens public facing HTTP server, this server allows an attacker on the same network to query and steal confidential files from a user's Dropbox account. The fix is designed to encryption and signing the parameters of HTTP server in Cloudhub.
Acknowledgements
We would like to thank the following researchers for their contributions.
Masande Mtintsilana of MWR InfoSecurity : LVE-SMP-160010
'취약점 정보2' 카테고리의 다른 글
| **골프장사이트 파밍 악성코드 주의 (0) | 2016.12.05 |
|---|---|
| INISAFE ActiveX 보안 업데이트 권고 (0) | 2016.12.05 |
| 크롬 샌드박스 이슈 (0) | 2016.12.03 |
| Chrome Releases (크롬 업데이트) (0) | 2016.12.03 |
| 곰플레이어 PC 버전 업데이트 안내 (0) | 2016.12.01 |
