Home Security Google Patched Critical Vulnerabilities In Android With December Update

Google Patched Critical Vulnerabilities In Android With December Update


Google has recently rolled-out numerous Android updates for December. These even include patches for some critical vulnerabilities in Android. One of these, upon an exploit, could lead to permanent denial of service.

Android Bug Leading To ‘Permanent DoS’

Reportedly, Google has fixed a critical security flaw affecting the latest Android devices with the December updates. A potential attacker could exploit this bug to create a persistent DoS state on the target device.

Mentioning about this vulnerability (CVE-2019-2232) in an advisory, Google stated,

The most severe of these issues is a critical security vulnerability in the Framework component that could enable a remote attacker using a specially crafted message to cause a permanent denial of service.

Google deemed this bug as a critical severity flaw for all affected Android versions alike, i.e., Android 8.0, 8.1, 9.0, and 10.

Other Critical Vulnerabilities In Android

In addition to the above, Google also rolled out fixes for two more serious security flaws affecting different Android versions. In case of an exploit, the flaws could allow an attacker to perform remote code execution on the target device.

These include CVE-2019-2222 and CVE-2019-2223 that received a critical severity rating in the case of Android 8.0, 8.1, and 9. Whereas, for Android 10, Google deemed the vulnerabilities as moderately severe.

Elaborating further on these flaws, the advisory reads,

The most severe vulnerability could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Apart from these three, Google has also released fixes for numerous other bugs bearing high and moderate severity labels. These flaws could result in information disclosure and elevation of privilege when exploited by a potential attacker.

Since Google has already rolled out fixes for all the flaws, users of the affected devices must ensure installing the updates at the earliest (if not done already) to stay protected.

Recently, researchers have also spotted a new Android vulnerability ‘StrandHogg’. The attackers can exploit the vulnerability to steal banking and other account credentials or to spy on users’ activities.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Source link

Related Articles

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More