Attackers could compromise devices with Broadcom Wi-Fi chips over the wireless network Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same Wi-Fi network, if they have Broadcom chips.The two critical vulnerabilities are located in the Broadcom Wi-Fi driver and can be exploited by sending specially crafted wireless control packets to the affected devices. These messages could corrupt the kernel’s memory and allow for the execution of arbitrary code in the kernel — the highest privileged area of the operating system.These flaws are critical because the attack doesn’t require any user interaction, can be exploited remotely and can lead to a complete device compromise.The driver for Wi-Fi chips from Qualcomm also had a critical vulnerability that could result in arbitrary code execution with kernel privileges. However, it could only be exploited by a locally installed application. Finally, a third vulnerability was located in the Wi-Fi component and could be exploited by a local application to execute code with system privileges. This vulnerability was rated as high.Google’s new patches also fix two critical remote code execution vulnerabilities in mediaserver, a component that handles audio and video file parsing, one critical flaw in Qualcomm’s performance event manager component for ARM processors and one in the Debugger daemon component. The vulnerabilities in the Qualcomm performance module and Debuggerd could be exploited by local applications and the flaw in mediaserver could be exploited through specially crafted media files loaded from websites or embedded into multimedia messages.The company also fixed high-impact vulnerabilities in libraries including mediaserver and libmediaplayerservice, and two moderate flaws in setup wizard. These flaws could lead to denial of service, information disclosure, privilege escalation and security bypasses.Google shared information about these flaws with its OEM partners on Jan. 4 and released firmware updates for its Nexus devices Monday. Android firmware that incorporates these fixes should have a security patch level string of February 1, 2016 or later.The company will also publish these patches to the Android Open Source Project so that other Android-based operating systems such as CyanogenMod can integrate them. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe