TTCSIRT-216.070919: TT-CSIRT Advisory – Android Security Updates
Google has released a security update stating that it has found the following issues in the Android OS:
a) Framework vulnerability enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions – (CVE-2019-2104).
b) Library vulnerability enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process – (CVE-2019-2105).
c) System vulnerability enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process – (CVE-2019-2111).
Further information on these vulnerabilities and how they can be mitigated can be found on the Android Website at https://source.android.com/security/bulletin/2019-07-01.html |