So far, the new security fixes published by Google include 138 bugs, each with its CVE number. 18 of them are tagged as Remote Code Execution (RCE). The bugs were denominated as such because they stand for vulnerabilities which could be caused by crooks running outside programs. The RCE bugs are used for what players call “drive-by” attacks. These attacks imply that even by just checking your email or a webpage could leave you infected with malware.
The 2017 RCE from the month of July published by Google can be found under the title “Media Framework”. Basically, that stands for flaws into the Android operating system which can be found when displaying images or videos.
These kinds of dangerous bugs have been compared with the 2015 Stagefright bug that the Android operating system had. Both types of bugs use the same operating manner: the bugs do not raise suspicions because most images and videos come embedded in innocent looking web pages or simply MMS messages.
Another RCE bug listed by Google was found in the system’s FTP client (built-in) and it affected all Android versions (from 4.4.4 to 7.1.2.).
According to connoisseurs, the most anticipated bug was the one denominated “Proxiamte attacker”. This bug is an RCE flaw found in the Broadcom Wi-Fi code, only found in equipments that are designed to have certain Broadcom wireless chips. This implies that if a crook happens to be within the Wi-Fi range, they could use booby-trapped network packets which in turn will get a bug into the wireless device.
What about the Broadcom RCE patch?
SO far, the one who discovered the bug has not given any solution but he will present his findings and conclusions in Vegas at the Black Hat conference.