Another month is right here and Android finds itself with a mix of important and excessive vulnerabilities.
Image: Jack Wallen
It’s a Qualcomm kinda month for the Android Security Bulletin, with the vast majority of points falling into the arms of the chip maker. Qualcomm elements alone maintain greater than fifty vulnerabilities marked “high” on this month’s safety bulletin. If you prefer to preserve watch on the safety of the Android platform you’ll actually wish to know what’s taking place within the April Security Bulletin.
Before we dive into what’s included with this month’s Android Security Bulletin, it is all the time good to know what safety launch is put in in your machine. As I have been testing the waters of the Android Q Beta 2 (not advisable for use by most of the people), it ought to come as no shock that my every day driver, a Pixel 3, is working a present safety patch (April 5, 2018).SEE: Windows 10 safety: A information for enterprise leaders (Tech Pro Research)To discover out what patch stage you might be working, open Settings and go to About Phone. If you utilize Android Pie, that location modified to Settings | Security & Location | Security up to date. Scroll down and faucet the model of Android discovered in your machine. The ensuing window (Figure A) will reveal your safety patch stage.Figure A: The most up-to-date safety patch discovered on Android Q Beta 2.Terminology
You will discover various kinds of vulnerabilities listed. Possible varieties embody:RCE—Remote code executionEoP—Elevation of privilegeID—Information disclosureDoS—Denial of service
And now, onto the problems.04/01/2019 Security Patch Level Critical pointsThere are solely two points marked important within the 04/01/2019 patch stage. Both of those points had been discovered within the media framework and are marked as such because of the capability of a distant attacker utilizing a malicious file to execute arbitrary code throughout the context of a privileged course of. The associated bugs are (listed by CVE, Reference, and Type):High pointsThe first problem marked excessive was discovered with the framework and was marked as such because of the capability of a neighborhood attacker to achieve extra permissions, which might bypass person interplay. The associated bug is (listed by CVE, Reference, and Type):CVE-2019-2026 A-120866126 EoPNext, we discover eight points marked excessive within the system. These bugs had been marked excessive as a result of it may allow a regionally put in, malicious utility to execute arbitrary code throughout the context of a privileged course of. Related bugs are (listed by CVE, Reference, and Type):And that is it for the 04/01/2019 safety patch stage.04/05/2019 Security Patch Level Critical pointsThere are eight important points discovered within the 04/05/2019 safety patch. The first problem is discovered within the system and is marked excessive because it may allow a distant attacker, utilizing a malicious file, to execute arbitrary code throughout the context of a privileged course of. The associated bug is (listed by CVE, Reference, and Type):Our subsequent important problem in one of many Qualcomm open supply elements. The particulars for this problem may be discovered within the April Qualcomm Security Bulletin. The associated bug is (listed by CVE, Reference, Qualcomm Reference, and Component):There had been six points marked important present in Qualcomm closed-source elements. Again, the main points for these points may be discovered within the April Qualcomm Security Bulletin. Related bugs are (listed by CVE and Reference):CVE-2018-11271 A-120487384CVE-2018-11976 A-117119000CVE-2018-12004 A-117118976CVE-2018-13886 A-117118295CVE-2018-13887 A-117119172CVE-2019-2250 A-122473270High issuesWith greater than fifty vulnerabilities between each open- and closed-source elements, Qualcomm chips discovered themselves in a most undesirable highlight. But Qualcomm wasn’t the one sufferer. The Android system is listed with three points marked excessive. These bugs had been marked as such as a result of it may allow a distant attacker utilizing a malicious file to execute arbitrary code throughout the context of a privileged course of. Related bugs are (listed by CVE, Reference, and Type):And now, the primary batch of Qualcomm points. Here is the record of points that have an effect on open-source elements. The particulars of those vulnerabilities may be discovered within the April Qualcomm Security Bulletin. Related bugs are (listed by CVE, Reference, Qualcomm Reference, and Component):Next comes the close-source Qualcomm elements. Here is the record of points that have an effect on open-source elements. The particulars of those vulnerabilities may be discovered within the April Qualcomm Security Bulletin. Related bugs are (listed by CVE and Reference):CVE-2018-11291 A-109678120CVE-2018-11821 A-111093019CVE-2018-11822 A-111092813CVE-2018-11828 A-111089816CVE-2018-11849 A-111092945CVE-2018-11850 A-111092919CVE-2018-11853 A-111091938CVE-2018-11854 A-111093762CVE-2018-11856 A-111093242CVE-2018-11859 A-111090373CVE-2018-11861 A-111092814CVE-2018-11862 A-111093763CVE-2018-11867 A-111093243CVE-2018-11870 A-111089817CVE-2018-11871 A-111092400CVE-2018-11872 A-111090534CVE-2018-11873 A-111091378CVE-2018-11874 A-111092946CVE-2018-11875 A-111093022CVE-2018-11876 A-111093244CVE-2018-11877 A-111092888CVE-2018-11879 A-111093280CVE-2018-11880 A-111092401CVE-2018-11882 A-111093259CVE-2018-11884 A-111090535CVE-2018-11928 A-112279580CVE-2018-11936 A-112279127CVE-2018-11967 A-119049704CVE-2018-11967 A-119052960CVE-2018-11968 A-114042276CVE-2018-12005 A-117118499CVE-2018-12012 A-117119174CVE-2018-12013 A-117119152CVE-2018-13885 A-117118789CVE-2018-13895 A-122472377CVE-2018-13925 A-120483842CVE-2019-2244 A-122472139CVE-2019-2245 A-122473145Improve and replace The builders will work diligently to patch vulnerabilities, however it’s as much as finish customers to make sure the fixes discover their technique to gadgets. Make certain you not solely test for updates, however you apply them as quickly as they grow to be out there.
Cybersecurity Insider Newsletter
Strengthen your group’s IT safety defenses by preserving abreast of the most recent cybersecurity information, options, and finest practices.
Delivered Tuesdays and Thursdays
Sign up in the present day
Sign up in the present day
Also see