TTCSIRT-171.100818: TT-CSIRT Advisory – Android Security Updates

TTCSIRT-171.100818: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in the Android Operating System:

a) A denial of service vulnerability in Framework – (CVE-2018-9452).

b) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2018-9490, CVE-2018-9492).

c) An information disclosure vulnerability in Framework – (CVE-2018-9493).

d) A remote code vulnerability in Framework – (CVE-2018-9491).

e) An information disclosure vulnerability in Media Framework – (CVE-2018-9499).

f) Multiple remote code vulnerabilities in Media Framework – (CVE-2018-9473, CVE-2018-9496, CVE-2018-9497, CVE-2018-9498).

g) Multiple information disclosure vulnerabilities in System – (CVE-2018-9502).

h) Multiple remote code vulnerabilities in System – (CVE-2017-13283, CVE-2018-9504).

i) A denial of service vulnerability in System – (CVE-2018-9511).

j) Multiple elevation of privilege vulnerabilities in System – (CVE-2018-9476, CVE-2018-9501).

k) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2018-9513, CVE-2018-9514, CVE-2018-9515).

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of a privileged process.

Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution_2018-108/