Too bad, so sad, exploit devs: Google patches possibly several million dollars' worth of security flaws in Android

www.theregister.co.uk | 9/5/2019 | Staff
abbycraig (Posted by) Level 3
Click For Photo: https://regmedia.co.uk/2019/08/29/android.jpg

Google this week emitted the September edition of its monthly Android security updates – and has left at least one known vulnerability unpatched. Also, in case you missed it, the web giant started rolling out Android 10 a few days ago.

The September 2019 bundle of security fixes will be pushed out automatically to Google-branded devices, while those with other Android gear will be fed the fixes by their device manufacturer or mobile carrier. Some of the holes can be patched remotely by the ad giant via its Google Play Services regardless of the maker of the underlying hardware. In summary, check for system software updates.

Vulnerabilities - CVE-2019-2176 - CVE-2019-2108 - Media - Framework

Two of the platform-agnostic vulnerabilities (CVE-2019-2176 and CVE-2019-2108) are present in the Media Framework component of Android, and are rated as critical, as they would allow an attacker to get code execution by simply feeding the target a specially-crafted media file. The third code execution flaw (CVE-2019-2177) was in an unspecified part of the Android System software and is exploited through a "specially crafted transmission" according to Google.

Of the remaining 10 CVE-listed hardware-agnostic bugs patched, there are six address elevation-of-privilege flaws while the other four patch information disclosure vulnerabilities. These elevation-of-privilege holes can be exploited by malicious apps installed on...
(Excerpt) Read more at: www.theregister.co.uk
Wake Up To Breaking News!
Have you forgotten?
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!