TTCSIRT-216.070919: TT-CSIRT Advisory – Android Security Updates

TTCSIRT-216.070919: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that it has found the following issues in the Android OS:

a) Framework vulnerability enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions – (CVE-2019-2104).

b) Library vulnerability enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process – (CVE-2019-2105).

c) System vulnerability enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process – (CVE-2019-2111).

Further information on these vulnerabilities and how they can be mitigated can be found on the Android Website at https://source.android.com/security/bulletin/2019-07-01.html