TTCSIRT-171.100818: TT-CSIRT Advisory – Android Security Updates
Google has released a security update stating that the following vulnerabilities have been discovered in the Android Operating System:
a) A denial of service vulnerability in Framework – (CVE-2018-9452).
b) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2018-9490, CVE-2018-9492).
c) An information disclosure vulnerability in Framework – (CVE-2018-9493).
d) A remote code vulnerability in Framework – (CVE-2018-9491).
e) An information disclosure vulnerability in Media Framework – (CVE-2018-9499).
f) Multiple remote code vulnerabilities in Media Framework – (CVE-2018-9473, CVE-2018-9496, CVE-2018-9497, CVE-2018-9498).
g) Multiple information disclosure vulnerabilities in System – (CVE-2018-9502).
h) Multiple remote code vulnerabilities in System – (CVE-2017-13283, CVE-2018-9504).
i) A denial of service vulnerability in System – (CVE-2018-9511).
j) Multiple elevation of privilege vulnerabilities in System – (CVE-2018-9476, CVE-2018-9501).
k) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2018-9513, CVE-2018-9514, CVE-2018-9515).
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of a privileged process.
Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution_2018-108/ |