Thursday, March 28, 2024

Android Security Update – Critical Vulnerabilities Let Hackers Control Your Android Phone Remotely

Android released new security updates and fixed several vulnerabilities that affected Android devices, and Android partners are notified of all issues.

Android fixed 33 vulnerabilities, in which, 9 vulnerabilities categorized under critical severity and rest of the 24 vulnerabilities are patched under “high” severity.

According to Android release notes, “The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed. “

The Vulnerabilities that patched in this update affected various Android components including framework, media framework, library, Qualcomm and its closed-source components.

A critical vulnerability in system and Media Framework let a remote attacker execute the specially crafted file to execute arbitrary code within the context of a privileged process.

 The July Android security updates are also rolling out to the Google Pixel, Pixel XL, and Essential Phone.

Android Security Update

Framework

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2019-2104A-131356202 [2] [3] [4] [5] [6] [7]IDHigh8.0, 8.1, 9

Library

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2019-2105A-116114182RCEHigh7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

Media Framework

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2019-2106A-130023983RCECritical7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2107A-130024844RCECritical7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2109A-130651570*RCECritical7.0, 7.1.1, 7.1.2, 8.0, 8.1

System

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2019-2111A-122856181 [2]RCECritical9
CVE-2019-2112A-117997080EoPHigh8.0, 8.1, 9
CVE-2019-2113A-122597079*EoPHigh9
CVE-2019-2116A-117105007IDHigh7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2117A-124107808IDHigh7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2118A-130161842IDHigh8.0, 8.1, 9
CVE-2019-2119A-131622568IDHigh8.0, 8.1, 9

Qualcomm components

CVEReferencesTypeSeverityComponent
CVE-2019-2308A-129852114
QC-CR#2338800
N/ACriticalDSP_Services
CVE-2019-2330A-129850940
QC-CR#2379952
N/ACriticalKernel
CVE-2019-2276A-130890737
QC-CR#2335974
N/AHighWLAN HOST
CVE-2019-2305A-78530292
QC-CR#2253984
N/AHighWLAN Driver
CVE-2019-2278A-130567114
QC-CR#2345293
N/AHighHLOS
CVE-2019-2307A-129850941
QC-CR#2337425
N/AHighWLAN HOST
CVE-2019-2326A-129850483
QC-CR#2372306 [2]
N/AHighAudio
CVE-2019-2328A-129851238
QC-CR#2375115 [2]
N/AHighAudio

Qualcomm closed-source components

CVEReferencesTypeSeverityComponent
CVE-2019-2254A-122473972*N/ACriticalClosed-source component
CVE-2019-2322A-129766496*N/ACriticalClosed-source component
CVE-2019-2327A-129766125*N/ACriticalClosed-source component
CVE-2019-2235A-122473271*N/AHighClosed-source component
CVE-2019-2236A-122474808*N/AHighClosed-source component
CVE-2019-2237A-122472479*N/AHighClosed-source component
CVE-2019-2238A-122473168*N/AHighClosed-source component
CVE-2019-2239A-122473304*N/AHighClosed-source component
CVE-2019-2240A-122473496*N/AHighClosed-source component
CVE-2019-2241A-122473989*N/AHighClosed-source component
CVE-2019-2253A-129766432*N/AHighClosed-source component
CVE-2019-2334A-129766099*N/AHighClosed-source component
CVE-2019-2346A-129766299*N/AHighClosed-source component

All the Android users are requested to update your phone immediately to apply the latest Android security patch.

To learn how to check a device’s security patch level, see Check and update your Android version.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Also Read:

50,000 times Downloaded Android Horror Game from GooglePlay Steals Google and Facebook Login Credentials

New ViceLeaker Malware Attack on Android Devices With Backdoor Capabilities to Hijack Camera, Record Audio

Hackers Take Complete Control of Your Android Device by Launching MobOk Malware via Fake Photo Editing Apps in Google Play

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles