From InfoWorld: The June batch of Android security patches addresses nearly two dozen vulnerabilities in system drivers for various hardware components from several chipset makers.
The largest number of critical and high severity flaws were patched in the Qualcomm video driver, sound driver, GPU driver, Wi-Fi driver, and camera driver. Some of these privilege escalation vulnerabilities could allow malicious applications to execute malicious code in the kernel leading to a permanent device compromise.
Similar high-risk flaws were fixed in the Broadcom Wi-Fi driver, Nvidia camera driver, and MediaTek power-management driver. These vulnerabilities can give regular applications access to privileges or system settings that they shouldn't have. In some cases, the flaws allow kernel code execution, but only if the attacker compromises a different service first to communicate with the vulnerable driver.
These flaws are a warning that chipset makers should put more effort into testing their code, which typically consists of drivers that run in the most privileged areas of the OS.
View: Article @ Source Site
