Information Security News mailing list archives

Android gets security overhaul with November patch bundle - if your mobe maker is kind enough to let you have it


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 6 Nov 2018 06:33:04 +0000 (UTC)

https://www.theregister.co.uk/2018/11/06/android_november_patches/

By Shaun Nichols
The Register
6 Nov 2018

Google today pushed out the November edition of its monthly Android security updates, giving carriers and device makers a fresh set of patches to install. Fingers crossed the patches are rolled out to you ASAP.

The November bulletin contains fixes for three remote code execution flaws as well as a number of information disclosure and elevation of privilege vulnerabilities in various core components of Android.

The three RCEs, two rated "critical" risks (CVE-2018-9527, CVE-2018-9531) and one rated "high" (CVE-2018-9521), were all found within the Android media framework. If exploited by, say, a booby-trapped video or received multimedia message, malicious code within the material could be executed with sufficient privileges to spy on the phone's owner and cause other mischief. Two elevation of privilege bugs (CVE-2018-9536, CVE-2018-9537) in the media framework were also classified as critical security risks.

The Android system component was the subject of six CVE bug entries, each for information disclosure flaws that, if successfully exploited, would give a remote attacker the ability to view user data that would normally only be visible to local apps.

[...]


