In the new February updates Google fixes 42 vulnerabilities affecting Android operating systems. Although Google's android partners were notified about these problems, updates to the devices' operating systems are left to the manufacturers' developers, who Google claims were notified at least one month in advance..
The most relevant vulnerabilities
In the update report, they are based on failures of the following software components:
- Framework (CVE-2019-1986, CVE-2019-1987, CVE-2019-1988): Vulnerabilities that allow attackers to execute remote code in a privileged manner through a manipulated image in PNG format..
- Libraries (CVE-2017-17760): Remote code execution as a non-privileged process via a malicious file.
- Kernel (CVE-2018-10879, CVE-2019-1999, CVE-2019-2000, CVE-2019-2001): Remote code execution that allows a malicious application to execute code as a privileged process (EoP)..
On the other hand it is not yet known that a mobile device has been compromised by this vulnerability, there is no doubt that there are many attack vectors through which this type of images can be distributed. There is a vast number of devices running Andorid Oreo and Nougat versions..
Sofistic, CrowdStrike’s Partner of the Year, Project of the Year, Sales REP and Sales Engineer of the Year awards.
CrowdStrike, Sofistic’s strategic partner and EDR integrated in our SOC, held yesterday the “Partner Symposium Bogota”, the annual event where it gives awards to the companies that best complements its tool.
Cybersecurity Trends Report 2023
Results of SOC (Security Operations Center) audits and monitoring of companies conducted by Sofistic in 2022 and cybersecurity recommendations for 2023.
Sofistic, Exabeam’s Innovation Award
Exabeam, Sofistic’s partner and leader in the SIEM category of the Magic Quadrant™️ from Gartner®️ presents the 2022 Innovation of the Year Award to Sofistic during its Partner of the Year ’22 event.