TTCSIRT-194.011119: TT-CSIRT Advisory – Android Security Updates

TTCSIRT-194.011119: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in the Android Operating System:

a) An elevation of privilege vulnerability in Framework – (CVE-2018-9582).

b) A remote code execution vulnerability in System – (CVE-2018-9583).

c) Multiple elevation of privilege vulnerabilities in System – (CVE-2018-9584).

d) Multiple information disclosure vulnerabilities in System. (CVE-2018-9588).

e) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2018-10876).

f) An information disclosure vulnerability in Kernel components – (CVE-2018-10877).

g) An elevation of privilege vulnerability in NVIDIA components – (CVE-2018-6241).

h) Multiple Qualcomm closed-source components – (CVE-2018-11847, CVE-2018-11888, CVE-2018-13888).

These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files.

Further information on these vulnerabilities and how they can be mitigated can be found on the Google Android Website at https://source.android.com/security/bulletin/2019-01-01.html