https://www.theregister.co.uk/2018/11/06/android_november_patches/
By Shaun Nichols
The Register
6 Nov 2018
Google today pushed out the November edition of its monthly Android
security updates, giving carriers and device makers a fresh set of patches
to install. Fingers cross the patches are rolled out to you ASAP.
The November bulletin contains fixes for three remote code execution flaws
as well as a number of information disclosure and elevation of privilege
vulnerabilities in various core components of Android.
The three RCEs, two rated "critical" risks (CVE-2018-9527, CVE-2018-9531)
and one rated "high" (CVE-2018-9521), were all found within the Android
media framework. If exploited by, say, a booby-trapped video or received
multimedia message, malicious code within the material could be executed
with sufficient privileges to spy on the phone's owner and cause other
mischief. Two elevation of privilege bugs (CVE-2018-9536, CVE-2018-9537)
in the media framework were also classified as critical security risks.
The Android system component was the subject of six CVE bug entries, each
for information disclosure flaws that, if successfully exploited, would
give a remote attacker the ability to view user data that would normally
only be visible to local apps.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
