Windows 10 News and info | Forum
Topic: November Android Security Update Fixes Critical Bugs, Drops Media Library
« on: November 08, 2018, 02:37:44 PM »

Google released to all users and partners its November security bulletin for the Android operating system, with fixes for critical remote code execution (RCE) and privilege escalation vulnerabilities.

In October, the Alphabet company slipped a pre-release version of this batch of updates to at least one Google Pixel user. The over-the-air (OTA) update was a confidential build intended for internal use.

RCEs and EoPs rated critical

Until phone makers and mobile network operators push the latest Android patches to users' endpoints, one critical RCE identified as CVE-2018-9527 affects versions of the operating system 7.0 (Nougat) through 9 (Pie).

Another RCE classified as critical is CVE-2018-9531 and it affects Android Nougat only. Both flaws are present in the media framework of the OS and could allow an attacker to run arbitrary code on the system in the context of a privileged process.

Other vulnerabilities with the same severity score are two privilege escalation bugs identified as CVE-2018-9536 and CVE-2018-9537. They impact Android Nougat.

Information disclosure vulnerabilities

Six security glitches that could be exploited to leak information from the Android system have received a high severity rating.

They are remotely exploitable and could reveal data that is normally accessible to locally installed applications according to their permissions manifest.

Half of these flaws impact multiple Android versions (Nougat through Pie) and the other half affect only the latest revision of the mobile operating system.

Bugs galore in Qualcomm components

Google also lists 14 security problems uncovered in Qualcomm components. More details are available in Qualcomm's security bulletin for November; three of them are rated critical:

CVE-2017-18317 affects the Trusted Execution Environment (TEE) and allows bypassing modem-related restrictions (SIM lock, SIM kill), the report informs.

CVE-2018-5912 is a buffer overflow in the video component.

CVE-2018-11264 impacts the biometrics component in multiple Qualcomm chipsets. It is a possible buffer overflow in the fingerprint code.

Dropping the Libxaac library

Google announces in this Android security bulletin that it has marked the Libxaac library for media compression and decoding as experimental and that it is no longer included in production Android builds.

The reason behind this decision is the discovery of no fewer than 18 security issues in the library. The library will be removed from devices that still have it as soon as they run the latest Android security update.

