First Google security patches for Android in 2019 fix a critical flaw

Google released its security patches for Android in 2019 that addressed tens of vulnerabilities in the popular mobile OS.

Google released the first batch of security patches for Android in 2019 that addressed tens of flaws, the most severe of them is the CVE-2018-9583 issue.

The CVE-2018-9583 flaw is a critical remote code execution vulnerability affecting the System, it was included in the 2019-01-01 security patch level.

A remote attacker could exploit the flaw using a specially crafted file to execute arbitrary code within the context of a privileged process. 

The 2019-01-01 security patch level addresses a total of 13 security flaws.

Google addressed only one flaw in Framework, tracked as CVE-2018-9582 it was rated as a High severity and affects Android versions 8.0, 8.1, and 9. 

The other 12 vulnerabilities affecting the System component are:

  • 1 Critical remote code execution bug.
  • 4 High risk elevation of privilege issues.
  • 7 High severity information disclosure vulnerabilities.

The 2019-01-05 security patch level addressed a total of 14 vulnerabilities in Kernel components (7), NVIDIA components (1), Qualcomm components (3), and Qualcomm closed-source components (3).

The most severe issue is the CVE-2018-11847 flaw, a Critical bug affecting a Qualcomm closed-source component that could allow local malicious applications to execute arbitrary code within the context of a privileged process.

Pierluigi Paganini

(SecurityAffairs – Android, security patches)

The post First Google security patches for Android in 2019 fix a critical flaw appeared first on Security Affairs.