728x90
LG Mobile Security Maintenance Release Summary (SMR)
The August Security Bulletin contains the 61 patches for the vulnerabilities from Google and LGE. The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. It also includes patches for the vulnerabilities. Almost security patch level is "2017-08-01" and the patches contains modified codes about the 60 CVE and 1 LVE items.
Security issues Summary
CVE Items from Google patch (Android Bulletin August 2017)
- critical: CVE-2017-0714,CVE-2017-0715,CVE-2017-0716,CVE-2017-0718,CVE-2017-0719,CVE-2017-0720,CVE-2017-0721,CVE-2017-0722,CVE-2017-0723,CVE-2017-0745,CVE-2017-0407,CVE-2017-9417
- high: CVE-2017-0713,CVE-2017-0724,CVE-2017-0725,CVE-2017-0726,CVE-2017-0727,CVE-2017-0728,CVE-2017-0729,CVE-2017-0730,CVE-2017-0731,CVE-2017-0732,CVE-2017-0733,CVE-2017-0734,CVE-2017-0735,CVE-2017-0736,CVE-2017-0687,CVE-2017-0737,CVE-2017-6074,CVE-2017-5970,CVE-2017-0711,CVE-2017-8255,CVE-2016-10389,CVE-2017-8253,CVE-2017-8262,CVE-2017-8263,CVE-2017-8267,CVE-2017-8273
- moderate: CVE-2017-0712,CVE-2017-0738,CVE-2017-0739,CVE-2017-0705,CVE-2017-0706,CVE-2015-5707,CVE-2017-0710,CVE-2017-7308,CVE-2014-9731,CVE-2016-5863,CVE-2017-8243,CVE-2017-8246,CVE-2017-8256,CVE-2017-8257,CVE-2017-8259,CVE-2017-8260,CVE-2017-8261,CVE-2017-8264,CVE-2017-8265,CVE-2017-8266,CVE-2017-8268,CVE-2017-8270,CVE-2017-8271,CVE-2017-8272,CVE-2017-8254,CVE-2017-8258,CVE-2017-8269
- low: N/A
LG Vulnerabilities and Exposures(LVE) Items from LG
- high: LVE-SMP-170014
Security issues Details
You can see the detail information on Google patches from Android Security Bulletin site.There is a description of the security issue, a severity, affected devices information and date reported.
LVE-SMP-170014- Severity : High
- Date reported : April 20, 2017
- Affected device information : Android devices with OS 6.0, 6.0.1, 7.0.0, 7.1.1
- Description :
After Android for Work(AfW) work profile provisioned, users cannot install certificates into work profile keystore due to the master key inexistence that usally used to encrypt or decrypt all keys in work profile keystore.
728x90
'취약점 정보2' 카테고리의 다른 글
| ffmpeg security update (0) | 2017.09.01 |
|---|---|
| WinDbg 업데이트 (0) | 2017.08.30 |
| 삼성 모바일 8월 업데이트 안내 (0) | 2017.08.25 |
| Apache2Triad 1.5.4 CSRF / XSS / Session Fixation (0) | 2017.08.22 |
| Microsoft Resnet - DNS Configuration Web Vulnerability (0) | 2017.08.22 |