Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Vulnerabilities in Google Android

 

Systems Affected


Google Android OS builds utilizing security patch levels issued before 5th May 2019

Threat Level


Medium


Overview


Multiple vulnerabilities have been reported in the Google Android operating system which could enable an attacker to perform arbitrary code execution, privilege escalation, obtain sensitive information, and cause a denial of service on the targeted system.


Description


Vulnerabilities existed in Google Android due to flaws in the media framework, System component, Kernel component, Broadcom component, MediaTek components, Qualcomm component, and Qualcomm close‐sourced component. These vulnerabilities can be triggered by asking a user to open a maliciously crafted document/file on the system.


Impact


  ✻  Exposing sensitive information to unauthorized parties
  ✻  Unauthorized access
  ✻  Malware infections
  ✻  Denial of Service


Solution/ Workarounds


  ✻  Apply the appropriate updates as provided by various device manufacture. Refer below for more information,
   https://source.android.com/security/bulletin/2020-12-01


References


  ✻  https://source.android.com/security/bulletin/2020-12-01
  ✻  https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution_2020-162/
  ✻  https://www.cert-in.org.in


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.