TTCSIRT-164.091318: TT-CSIRT Advisory – Android Security Updates

TTCSIRT-164.091318: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following issues have been discovered in the Android OS:

a) An remote code vulnerability in Android Runtime – (CVE-2018-9466).

b) An elevation of privilege vulnerability in Android Runtime – (CVE-2018-9467).

c) An information disclosure vulnerability in Framework – (CVE-2018-9468).

d) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2018-9469, CVE-2018-9470, CVE-2018-9471).

e) An information disclosure vulnerability in Kernel components – (CVE-2017-5754).

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of a privileged process.

Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution_2018-096/