In the new February updates Google fixes 42 vulnerabilities affecting Android operating systems. Although Google's android partners were notified about these problems, updates to the devices' operating systems are left to the manufacturers' developers, who Google claims were notified at least one month in advance..
The most relevant vulnerabilities
In the update report, they are based on failures of the following software components:
- Framework (CVE-2019-1986, CVE-2019-1987, CVE-2019-1988): Vulnerabilities that allow attackers to execute remote code in a privileged manner through a manipulated image in PNG format..
- Libraries (CVE-2017-17760): Remote code execution as a non-privileged process via a malicious file.
- Kernel (CVE-2018-10879, CVE-2019-1999, CVE-2019-2000, CVE-2019-2001): Remote code execution that allows a malicious application to execute code as a privileged process (EoP)..
On the other hand it is not yet known that a mobile device has been compromised by this vulnerability, there is no doubt that there are many attack vectors through which this type of images can be distributed. There is a vast number of devices running Andorid Oreo and Nougat versions..
After obtaining Microsoft solutions Partner Modern Work, Sofistic has recently obtained the Microsoft Solutions Partner Security certification, demonstrating the successful adaptation to the new requirements established by the technological giant. One of the first...