A security researcher from Check Point Software Technologies, Adam Donenfeld presented four rooting flaws of Android devices in Def Con Security Conference in Las Vegas on 7th August which was reported to the chipset maker company Qualcomm between February and April.
Qualcomm has addressed the vulnerabilities as high severity and released fixes for all of them. However, still many Android devices might be exposed to this vulnerability as there are many older Android devices which do not receive any firmware updates or else receive after a long delay.
Check Point Software came out with an application called QuadRooter Scanner available in Google Play that let users check if their devices are attacked by any of the four flaws.
These flaws are tracked as CVE-2016-2059, CVE-2016-2503, CVE-2016-2504 and CVE-2016-5340 which are situated in various drivers being provided by Qualcomm to the device manufacturer. Qualcomm has released the fixes for all four flaws, however, Google has distributed only three patches as of now. The patch for flaw CVE-2016-5340 is still not distributed by Google. But device manufacturers can always obtain it from the Qualcomm’s open source project, Code Aurora. Google will address the fourth flaws in their upcoming Android security Bulletin.
Any exploitation of these flaws will cause the download of a malicious application in your device, according to the representative from Google. While it is also true that exploitation of any of these vulnerabilities is only possible through any rouge application but not through browsing, emailing or SMS.
While Qualcomm has identified these vulnerabilities as high severity, Google, and researcher from Check Point Software do not agree that point and they have stated the flaws as low severity. Google has also noted that the flaw CVE-2016-2059 can be allied through SELinux, even though Check Point Software does not agree this assessment from Google.