Android Security Bulletin November 2018: What you need to know

0
5

Buy Organic Traffic | Cheap Organic Traffic | Increase Organic Traffic | Organic Traffic


Picture: Jack Wallen

The vacation season is upon us, and Android isn’t any stranger to giving items. So how about a couple of vulnerabilities to rejoice a vacation or two? This time round, the Android Safety Bulletin brings little in the way in which of surprises, with the Media Framework handing out a couple of Vital flaws. Nonetheless, the variety of vulnerabilities is not almost as unhealthy as earlier months. Let’s speak in regards to the vulnerabilities discovered on the newest Android Safety patches.

Earlier than we dive into what’s included with this month’s bulletin, it is all the time good to know what safety launch is put in in your system. To no shock, my each day driver, a Pixel three, is working the a safety patch that’s updated (November 5, 2018).

To search out out what patch stage you’re working, open Settings and go to About Cellphone. When you’re utilizing Android Pie, that location modified to Settings | Safety & Location | Safety up to date. Scroll down and faucet the model of Android discovered in your system. The ensuing window (Determine A) will reveal your safety patch stage.

Determine A

Figure AFigure A

Pixel three and the November 5 safety patch stage.

Terminology

You will see that several types of vulnerabilities listed. Doable varieties embody:

  • RCE—Distant code execution
  • EoP—Elevation of privilege
  • ID—Data disclosure
  • DoS—Denial of service

And now, onto the problems.

11/01/2018 Safety Patch Degree

Vital Points

There have been solely 4 points marked Vital within the November 1 patch stage. Every of those points had been labeled as such, as they may allow a distant attacker, utilizing a malicious file, to execute arbitrary code throughout the context of a privileged course of. The associated bugs are (listed by CVE, Reference, and Sort):

Excessive Points

The primary batch of points marked Excessive, hit the Framework. Every of those vulnerabilities may allow a regionally put in malicious software to execute arbitrary code throughout the context of a privileged course of. The associated bugs are (listed by CVE, Reference, and Sort):

The following part of points marked Excessive had been discovered within the Media Framework. These vulnerabilities may allow a distant attacker, utilizing a malicious file, to execute arbitrary code throughout the context of a privileged course of. The associated bugs are (listed by CVE, Reference, and Sort):

Lastly, there have been 5 points marked Excessive within the System. These vulnerabilities may give a distant attacker entry to information that ought to solely be accessible to regionally put in purposes. The associated bugs are (listed by CVE, Reference, and Sort):

11/05/2018 Safety Patch Degree

Vital Points

The one points marked Vital had been present in Qualcomm closed-source elements. These vulnerabilities are solely detailed within the associated Qualcomm AMSS safety bulletin/alert. The associated bugs are (listed by CVE and Reference):

  • CVE-2017-18317 A-78244877
  • CVE-2018-5912 A-79420111
  • CVE-2018-11264 A-109677962

Excessive Points

The primary group of points marked Excessive had been discovered within the Framework. These points may allow a locally-installed malicious software to execute arbitrary code throughout the context of a privileged course of. The associated bugs are (listed by CVE, Reference, and Sort):

The following group of points marked Excessive had been present in Qualcomm open-sourced elements. These vulnerabilities may allow a regionally put in malicious software to execute arbitrary code throughout the context of a privileged course of. The associated bugs are (listed by CVE, Reference, Qualcomm Reference, and Element):

Lastly, various Qualcomm closed-source elements had been discovered to incorporate various points marked Excessive. These vulnerabilities are solely detailed within the associated Qualcomm AMSS safety bulletin/alert. The associated bugs are (listed by CVE and Reference):

  • CVE-2016-10502 A-68326808*
  • CVE-2017-18316 A-78240714*
  • CVE-2017-18318 A-78240675*
  • CVE-2017-18315 A-78241957*
  • CVE-2018-11994 A-72950294*
  • CVE-2018-11996 A-74235967*
  • CVE-2018-5870 A-77484722*
  • CVE-2018-5877 A-77484786*
  • CVE-2018-5916 A-79420492*
  • CVE-2018-5917 A-79420096*
  • CVE-2018-11269 A-109678529*

Improve and replace

The builders will work diligently to patch the vulnerabilities, however it’s as much as finish customers to make sure the fixes discover their option to units. Be sure you not solely verify for updates, however that you simply apply them as quickly as they’re accessible.

Additionally See

Buy Website Traffic | Cheap Website Traffic | Increase Website Traffic | Website Traffic



Source link