TTCSIRT-231.100219: TT-CSIRT ADVISORY – ANDROID SECURITY UPDATES
Please be advised that multiple vulnerabilities have been discovered in the Google Android 10 operating system (OS), the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of a privileged process. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files.
TTCSIRT encourages users and administrators to apply the following MS-ISAC recommendations:
- Apply appropriate updates by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.
- Only download applications from trusted vendors in the Play Store.
- Do not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Be aware of the threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.
For more information, please visit:
https://source.android.com/security/bulletin/android-10