LG 모바일 보안 요약 (SMR)

7 월 Security Bulletin에는 Google 및 LGE의 취약점에 대한 120 개의 패치가 포함되어 있습니다. 이 중 가장 심각한 취약점은 Qualcomm Bluetooth 드라이버의 원격 코드 실행 취약점으로 인해 근접 공격자가 커널 컨텍스트 내에서 임의 코드를 실행할 수 있다는 것입니다. 또한 취약점에 대한 패치도 포함되어 있습니다. 거의 보안 패치 수준은 "2017-07-01"이고 패치에는 119 CVE 및 1 LVE 항목에 대한 수정 코드가 포함되어 있습니다.

보안 문제 요약

Google 패치의 CVE 항목 (Android Bulletin July 2017)

https://source.android.com/security/bulletin/2017-07-01

결정적인:
CVE-2017-0540, CVE-2017-0673, CVE-2017-0674, CVE-2017-0675, CVE-2017-0676, CVE-2017-0677, CVE-2017-0678, CVE-2017-0679, CVE-2017-0680, CVE-2017-0681, CVE-2017-0469, CVE-2017-7371, CVE-2014-9960, CVE-2014-9961, CVE-2014-9953, CVE-2014-9967, CVE-2015-9026, CVE-2015-9027, CVE-2015-9008, CVE-2015-9009, CVE-2015-9010, CVE-2015-9011, CVE-2015-9024, CVE-2015-9012, CVE-2015-9013, CVE-2015-9014, CVE-2015-9015, CVE-2015-9029, CVE-2016-10338, CVE-2016-10336, CVE-2016-10333, CVE-2016-10341, CVE-2016-10335, CVE-2016-10340, CVE-2016-10334, CVE-2016-10339, CVE-2016-10298, CVE-2016-10299
높은:
CVE-2017-0664, CVE-2017-0665, CVE-2017-0666, CVE-2017-0667, CVE-2017-0669, CVE-2017-0670, CVE-2017-0671, CVE-2017-0672, CVE-2016-2109, CVE-2017-0682, CVE-2017-0683, CVE-2017-0684, CVE-2017-0685, CVE-2017-0686, CVE-2017-0688, CVE-2017-0689, CVE-2017-0690, CVE-2017-0691, CVE-2017-0692, CVE-2017-0693, CVE-2017-0694, CVE-2017-0695, CVE-2017-0696, CVE-2017-0697, CVE-2017-0700, CVE-2017-0701, CVE-2017-0702, CVE-2017-0703, CVE-2017-0704, CVE-2017-0642, CVE-2017-7365, CVE-2017-0636, CVE-2017-0648, CVE-2017-7366, CVE-2017-7367, CVE-2014-9954, CVE-2014-9955, CVE-2014-9956, CVE-2014-9957, CVE-2014-9958, CVE-2014-9962, CVE-2014-9963, CVE-2014-9959, CVE-2014-9964, CVE-2014-9965, CVE-2014-9966, CVE-2015-9023, CVE-2015-9020, CVE-2015-9021, CVE-2015-9025, CVE-2015-9022, CVE-2015-9028, CVE-2015-9031, CVE-2015-9032, CVE-2015-9033, CVE-2015-9030, CVE-2016-10332, CVE-2016-10337, CVE-2016-10342
보통의:
CVE-2017-3544, CVE-2017-0668, CVE-2017-0698, CVE-2017-0699, CVE-2017-5864, CVE-2017-7368, CVE-2017-7369, CVE-2017-0451, CVE-2017-7370, CVE-2016-5861, CVE-2017-7373, CVE-2017-7372, CVE-2017-8242, CVE-2017-0649, CVE-2017-8233, CVE-2017-8236, CVE-2017-8237, CVE-2017-0579, CVE-2017-8239, CVE-2017-8240, CVE-2015-7995
낮은:
CVE-2017-0651
LG 전자의 LG Vulnerabilities and Exposures (LVE) 항목

높은:
LVE-SMP-170015
보안 문제 세부 정보

Android Security Bulletin 사이트 에서 Google 패치에 대한 세부 정보를 볼 수 있습니다 . 보안 문제, 심각도, 영향을받는 장치 정보 및보고 된 날짜에 대한 설명이 있습니다.

7월 안드로이드 취약점 정보 : https://source.android.com/security/bulletin/

LVE-SMP-170015
심각도 : 높음
보고 된 날짜 : 2017 년 6 월 29 일
영향을받는 장치 정보 : Android OS 6.0.1, 7.0
설명 :
숨겨진 메뉴를 무단으로 활성화 할 수 있습니다. 이 패치는 숨겨진 메뉴에서 민감한 기능을 제거합니다.


저작자 표시 비영리 변경 금지
신고
블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

LG Mobile Security Maintenance Release Summary (SMR)

The March Security Bulletin contains the 54 patches for the vulnerabilities from Google. The most severe of these vulnerabilities is a Critical security vulnerability that could enable remote code execution on an affected device through. The security patch level is [2017-03-01] and the patches contains the fix for the 54 CVE items.

Security issues Summary

CVE Items from Google patch (Android Bulletin March 2017)
  • critical: 
    CVE-2016-2182
    , 
    CVE-2017-0466
    , 
    CVE-2017-0467
    , 
    CVE-2017-0468
    , 
    CVE-2017-0469
    , 
    CVE-2017-0470
    , 
    CVE-2017-0471
    , 
    CVE-2017-0472
    , 
    CVE-2017-0473
    , 
    CVE-2017-0474
    , 
    CVE-2017-0475
    , 
    CVE-2016-8418
    , 
    CVE-2017-0427
    , 
    CVE-2014-9914
    , 
    CVE-2017-0430
    , 
    CVE-2017-0431
  • high: 
    CVE-2017-0476
    , 
    CVE-2017-0477
    , 
    CVE-2017-0478
    , 
    CVE-2017-0479
    , 
    CVE-2017-0480
    , 
    CVE-2017-0481
    , 
    CVE-2017-0482
    , 
    CVE-2017-0483
    , 
    CVE-2017-0484
    , 
    CVE-2017-0485
    , 
    CVE-2017-0486
    , 
    CVE-2017-0487
    , 
    CVE-2017-0488
    , 
    CVE-2017-0390
    , 
    CVE-2017-0392
    , 
    CVE-2017-0432
    , 
    CVE-2017-0433
    , 
    CVE-2017-0434
    , 
    CVE-2016-8480
    , 
    CVE-2016-8481
    , 
    CVE-2016-0435
    , 
    CVE-2016-0436
    , 
    CVE-2017-0444
  • moderate: 
    CVE-2017-0489
    , 
    CVE-2017-0490
    , 
    CVE-2017-0491
    , 
    CVE-2017-0492
    , 
    CVE-2017-0494
    , 
    CVE-2017-0495
    , 
    CVE-2017-0496
    , 
    CVE-2017-0497
    , 
    CVE-2017-0498
    , 
    CVE-2017-0449
    , 
    CVE-2017-0450
    , 
    CVE-2016-10044
    , 
    CVE-2016-8414
    , 
    CVE-2017-0451
  • low: 
    CVE-2017-0499
LG Vulnerabilities and Exposures(LVE) Items from LG
  • There is no LG Specific security issue in this LG SMR

Security issues Details

You can see the detail information on Google patches from Android Security Bulletin site.There is a description of the security issue, a severity, affected devices information and date reported.


저작자 표시 비영리 변경 금지
신고
블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

LG Mobile Security Maintenance Release Summary (SMR)

The February Security Bulletin contains the 72 patches for the vulnerabilities from Google. The most severe of these vulnerabilities is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files. The security patch level is [2107-02-01] and the patches contains the fix for the 72 CVE items.

Security issues Summary

CVE Items from Google patch (Android Bulletin February 2017)
  • critical: 
    CVE-2017-0405
    , 
    CVE-2017-0406
    , 
    CVE-2017-0407
    , 
    CVE-2015-3288
    , 
    CVE-2016-8422
    , 
    CVE-2016-8423
    , 
    CVE-2015-5706
    , 
    CVE-2016-8433
    , 
    CVE-2016-8434
    , 
    CVE-2016-8435
    , 
    CVE-2016-8436
    , 
    CVE-2016-9120
    , 
    CVE-2016-8398
    , 
    CVE-2016-8437
    , 
    CVE-2016-8438
    , 
    CVE-2016-8439
    , 
    CVE-2016-8440
    , 
    CVE-2016-8441
    , 
    CVE-2016-8442
    , 
    CVE-2016-8443
    , 
    CVE-2016-8459
    , 
    CVE-2016-5080
  • high: 
    CVE-2017-0408
    , 
    CVE-2017-0409
    , 
    CVE-2016-5552
    , 
    CVE-2017-0410
    , 
    CVE-2017-0411
    , 
    CVE-2017-0412
    , 
    CVE-2017-0415
    , 
    CVE-2017-0416
    , 
    CVE-2017-0417
    , 
    CVE-2017-0418
    , 
    CVE-2017-0419
    , 
    CVE-2017-0421
    , 
    CVE-2017-0422
    , 
    CVE-2016-8412
    , 
    CVE-2016-8444
    , 
    CVE-2016-8445
    , 
    CVE-2016-8446
    , 
    CVE-2016-8447
    , 
    CVE-2016-8448
    , 
    CVE-2016-8449
    , 
    CVE-2016-8450
    , 
    CVE-2016-8451
    , 
    CVE-2016-7042
    , 
    CVE-2017-0403
    , 
    CVE-2017-0404
    , 
    CVE-2016-8452
    , 
    CVE-2016-5345
    , 
    CVE-2016-9754
    , 
    CVE-2016-8453
    , 
    CVE-2016-8454
    , 
    CVE-2016-8455
    , 
    CVE-2016-8456
    , 
    CVE-2016-8457
    , 
    CVE-2016-8458
    , 
    CVE-2016-8460
    , 
    CVE-2016-8461
    , 
    CVE-2016-8462
    , 
    CVE-2016-8463
  • moderate: 
    CVE-2017-0423
    , 
    CVE-2017-0425
    , 
    CVE-2017-0426
    , 
    CVE-2016-8464
    , 
    CVE-2016-8465
    , 
    CVE-2016-8466
    , 
    CVE-2016-8468
    , 
    CVE-2016-3853
    , 
    CVE-2016-8469
    , 
    CVE-2016-8470
    , 
    CVE-2016-8471
    , 
    CVE-2016-8472
LG Vulnerabilities and Exposures(LVE) Items from LG
  • There is no LG Specific security issue in this LG SMR

Security issues Details

You can see the detail information on Google patches from Android Security Bulletin site.There is a description of the security issue, a severity, affected devices information and date reported.


저작자 표시 비영리 변경 금지
신고
블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

The December Security Bulletin contains the 68 patches for the vulnerabilities from Google. The most severe of these vulnerabilities is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files. The security patch level is [2016-12-01] and the patches contains the fix for the 67 CVE items and the 1 LVE items. The LG vulnerabilities and exposures (LVE) items are described in detail below.

Security issues Summary

CVE Items from Google patch (Android Bulletin December 2016)

critical:
CVE-2016-3862, CVE-2016-6727, CVE-2016-6725, CVE-2016-6726, CVE-2016-6728, CVE-2016-6729, CVE-2016-6828, CVE-2016-2184, CVE-2016-7910, CVE-2016-7911, CVE-2015-8961, CVE-2015-8962, CVE-2016-7912, CVE-2016-7913, CVE-2016-6737, CVE-2013-7446
high:
CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-6762, CVE-2015-6621, CVE-2016-6704, CVE-2016-6763, CVE-2016-6764, CVE-2016-6765, CVE-2016-6766, CVE-2016-6767, CVE-2016-6768, CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2015-1283, CVE-2016-6754, CVE-2014-9675, CVE-2016-6136, CVE-2016-6738, CVE-2016-6739, CVE-2016-6740, CVE-2016-6741, CVE-2016-3904, CVE-2016-6742, CVE-2016-6743, CVE-2016-6744, CVE-2016-6745, CVE-2015-8963, CVE-2014-9874, CVE-2016-3850, CVE-2016-7914, CVE-2015-8964, CVE-2016-7915, CVE-2016-7916
moderate:
CVE-2016-6769, CVE-2016-6770, CVE-2016-6771, CVE-2016-6772, CVE-2016-6773, CVE-2016-6774, CVE-2016-6748, CVE-2016-6749, CVE-2016-6750, CVE-2016-3906, CVE-2016-3907, CVE-2016-6698, CVE-2016-6751, CVE-2016-6752, CVE-2016-6753, CVE-2016-7917, CVE-2016-7917
LG Vulnerabilities and Exposures(LVE) Items from LG

high:
LVE-SMP-160010
Security issues Details

You can see the detail information on Google patches from Android Security Bulletin site.There is a description of the security issue, a severity, affected devices information and date reported.

LVE-SMP-160010 : LG CloudHub vulnerabilities
Severity : High
Date reported : Jul-07-2016
Affected device Informaion : L(5.0/5.1), M(6.0)
Description :
When the LG cloudhub opens public facing HTTP server, this server allows an attacker on the same network to query and steal confidential files from a user's Dropbox account. The fix is designed to encryption and signing the parameters of HTTP server in Cloudhub.
Acknowledgements
We would like to thank the following researchers for their contributions.
Masande Mtintsilana of MWR InfoSecurity : LVE-SMP-160010

저작자 표시 비영리 변경 금지
신고
블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

The November Security Bulletin contains the 94 patches for the vulnerabilities from Google. The most severe of these vulnerabilities is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files. The security patch level is [2016-11-01] and the patches contains the fix for the next 94 CVE items.

Security issues Summary

CVE Items from Google patch (Android Bulletin November 2016)

critical:
CVE-2016-6699, CVE-2016-2108, CVE-2016-3862, CVE-2016-6700, CVE-2016-3926, CVE-2016-0758, CVE-2016-3927, CVE-2016-3928, CVE-2016-5340, CVE-2016-7117
high:
CVE-2016-6701, CVE-2016-6702, CVE-2016-6703, CVE-2016-6704, CVE-2016-6705, CVE-2016-6706, CVE-2016-6707, CVE-2016-6708, CVE-2016-3912, CVE-2016-3911, CVE-2016-6709, CVE-2016-6710, CVE-2014-9908, CVE-2015-0410, CVE-2016-6711, CVE-2016-6712, CVE-2016-6713, CVE-2016-6714, CVE-2016-3754, CVE-2016-2059, CVE-2016-3929, CVE-2016-3930, CVE-2016-3931, CVE-2016-3932, CVE-2016-3933, CVE-2016-3903, CVE-2016-3934, CVE-2015-8951, CVE-2016-3901, CVE-2016-3935, CVE-2016-3936, CVE-2016-3937, CVE-2016-3938, CVE-2016-3939, CVE-2016-3940, CVE-2016-6672, CVE-2016-6673, CVE-2016-6674, CVE-2016-3905, CVE-2016-6675, CVE-2016-6676, CVE-2016-5342, CVE-2015-8955, CVE-2015-8950, CVE-2016-6677, CVE-2016-3809, CVE-2016-6691, CVE-2016-6692, CVE-2016-6693, CVE-2016-6694, CVE-2016-6695, CVE-2016-6696, CVE-2016-5344, CVE-2016-6697
moderate:
CVE-2016-3921, CVE-2016-3922, CVE-2016-3923, CVE-2016-3885, CVE-2016-3924, CVE-2016-3925, CVE-2016-3892, CVE-2016-3893, CVE-2016-3894, CVE-2016-4998, CVE-2015-2922
LG Vulnerabilities and Exposures(LVE) Items from LG

There is no LG Specific security issue in this LG SMR
Security issues Details

You can see the detail information on Google patches from Android Security Bulletin site.There is a description of the security issue, a severity, affected devices information and date reported.

저작자 표시 비영리 변경 금지
신고
블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

티스토리 툴바