05 December 18, 16:11
Quote:Remote code-execution (RCE) vulnerabilities dominated Google’s December Android Security Bulletin.
The flaws are part of a total of 53 unique bugs patched by the Android security team, with a total number of 11 critical bugs – six of which are RCE flaws tied to the operating system’s Media Framework and System components.
According to Google, there are no reports that any of the unique bugs have been exploited or abused in the wild. Patches apply to Google’s Pixel and Nexus devices along with flagship Android phones from Samsung, LG, HTC and others. Over-the-air updates will be sent to Google handsets, and update schedules for other device manufacturers and mobile carriers will vary, according to the bulletin.
The Android Media Framework, which acts as a go-between for media software and hardware, received the brunt of the patching. Four RCE vulnerabilities (CVE-2018-9549, CVE-2018-9550, CVE-2018-9551, CVE-2018-9552) impacted Android Open Source Project operating system versions ranging from 7.0 (Nougat) to 9 (Pie).
The most severe of the vulnerabilities released by the Android Security Team on Monday were the RCE bugs that “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.”
Source: https://threatpost.com/google-patches-11...es/139612/