Windows 10 News and info | Forum
Topic: November Android Security Update Fixes Critical Bugs, Drops Media Library
javajolt
« on: November 08, 2018, 02:37:44 PM »

Google released to all users and partners its November security bulletin for the Android operating system, with fixes for critical remote code execution (RCE) and privilege escalation vulnerabilities.

In October, the Alphabet company slipped a pre-release version of this batch of updates to at least one Google Pixel user. The over-the-air (OTA) update was a confidential build intended for internal use.

RCEs and EoPs rated critical

Until phone makers and mobile network operators push the latest Android patches to users' endpoints, one critical RCE identified as CVE-2018-9527 affects versions of the operating system 7.0 (Nougat) through 9 (Pie).

Another RCE classified as critical is CVE-2018-9531 and it affects Android Nougat only. Both flaws are present in the media framework of the OS and could allow an attacker to run arbitrary code on the system in the context of a privileged process.

Other vulnerabilities with the same severity score are two privilege escalation bugs identified as CVE-2018-9536 and CVE-2018-9537. They impact Android Nougat.

Information disclosure vulnerabilities

Six security glitches that could be exploited to leak information from the Android system have received a high severity rating.

They are remotely exploitable and could reveal data that is normally accessible to locally installed applications according to their permissions manifest.

Half of these flaws impact multiple Android versions (Nougat through Pie) and the other half affect only the latest revision of the mobile operating system.

Bugs galore in Qualcomm components

Google also lists 14 security problems uncovered in Qualcomm components. More details are available in Qualcomm's security bulletin for November; three of them are rated with critical severity:

CVE-2017-18317 affects the Trusted Execution Environment (TEE) and allows bypassing modem-related restrictions (SIM lock, SIM kill), the report informs.

CVE-2018-5912 is a buffer overflow in the video component.

CVE-2018-11264 impacts the biometrics component in multiple Qualcomm chipsets. It is a possible buffer overflow in the fingerprint code.

Dropping the Libxaac library

Google announces in this Android security bulletin that it marked the Libxaac library for media compression and decoding as experimental and that it is no longer included in production Android builds.

The reason behind this decision is the discovery of no fewer than 18 security issues in the library. The library will be removed from devices that still have it as soon as they run the latest Android security update.

source