TTCSIRT-186.120518: TT-CSIRT Advisory – Android Security Updates
Google has released a security update stating that the following issues have been discovered in the Android OS:
a) Elevation of privilege vulnerability in Framework – (CVE-2018-9547).
b) Information disclosure vulnerability in Framework – (CVE-2018-9548).
c) Multiple arbitrary code execution in System – (CVE-2018-9555, CVE-2018-9556).
d) Multiple vulnerabilities in Qualcomm components – (CVE-2018-11960, CVE-2018-11961, CVE-2018-11963).
These vulnerabilities could be exploited through multiple methods such as email, web browsing and MMS when processing media files and depending on the privileges associated with the application, an attacker could then install programs, view, change, delete data or create new accounts with full user rights.
Further information on these vulnerabilities and how they can be mitigated can be found on the Android Website at https://source.android.com/security/bulletin/2018-12-01.html |