Security Alert (A18-07-02): Multiple Vulnerabilities in Android


 

Published on: 05 July 2018

Description:

Google has released security patch levels of 2018-07-01 and 2018-07-05 to fix 44 vulnerabilities identified in various Android devices.  These vulnerabilities could be exploited by enticing a user to open a specially crafted file or install a malicious application.

 

Affected Systems:

  • All versions of Android operating system

 

Impact:

A successful attack could lead to remote code execution, elevation of privilege, information disclosure or denial of service.

 

Recommendation:

Some manufacturers have fixed or have planned to fix the vulnerabilities in their Android systems as listed below.  The list is not exhaustive and it is recommended to consult the product vendors to confirm the availability of patches.  If patches are available, users should upgrade to the fixed versions or follow the recommendations provided by the product vendors to mitigate the risk.

  • Google
    https://source.android.com/security/bulletin/2018-07-01

  • Samsung
    https://security.samsungmobile.com/securityUpdate.smsb#July

  • LG
    https://lgsecurity.lge.com/security_updates.html#SMR-JUL-2018

As interim measures and security best practices, users are reminded not to visit suspicious websites, nor follow URL links or download apps from un-trusted sources, emails or instant messages to avoid malware infection.

 

More Information:

https://source.android.com/security/bulletin/2018-07-01
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18170 (to CVE-2017-18173)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18274 (to CVE-2017-18279)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5872 (to CVE-2018-5876)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9410 (to CVE-2018-9412)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9419 (to CVE-2018-9422)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11257 (to CVE-2018-11259)

 



Tag: Android
Tags