TTCSIRT-164.091318: TT-CSIRT Advisory – Android Security Updates
Google has released a security update stating that the following issues have been discovered in the Android OS:
a) An remote code vulnerability in Android Runtime – (CVE-2018-9466).
b) An elevation of privilege vulnerability in Android Runtime – (CVE-2018-9467).
c) An information disclosure vulnerability in Framework – (CVE-2018-9468).
d) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2018-9469, CVE-2018-9470, CVE-2018-9471).
e) An information disclosure vulnerability in Kernel components – (CVE-2017-5754).
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of a privileged process.
Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution_2018-096/ |