TTCSIRT-194.011119: TT-CSIRT Advisory – Android Security Updates
Google has released a security update stating that the following vulnerabilities have been discovered in the Android Operating System:
a) An elevation of privilege vulnerability in Framework – (CVE-2018-9582).
b) A remote code execution vulnerability in System – (CVE-2018-9583).
c) Multiple elevation of privilege vulnerabilities in System – (CVE-2018-9584).
d) Multiple information disclosure vulnerabilities in System. (CVE-2018-9588).
e) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2018-10876).
f) An information disclosure vulnerability in Kernel components – (CVE-2018-10877).
g) An elevation of privilege vulnerability in NVIDIA components – (CVE-2018-6241).
h) Multiple Qualcomm closed-source components – (CVE-2018-11847, CVE-2018-11888, CVE-2018-13888).
These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files.
| Further information on these vulnerabilities and how they can be mitigated can be found on the Google Android Website at https://source.android.com/security/bulletin/2019-01-01.html |