Google has recently rolled-out numerous Android updates for December. These even include patches for some critical vulnerabilities in Android. One of these, upon an exploit, could lead to permanent denial of service.
Android Bug Leading To ‘Permanent DoS’
Reportedly, Google has fixed a critical security flaw affecting the latest Android devices with the December updates. A potential attacker could exploit this bug to create a persistent DoS state on the target device.
Mentioning about this vulnerability (CVE-2019-2232) in an advisory, Google stated,
The most severe of these issues is a critical security vulnerability in the Framework component that could enable a remote attacker using a specially crafted message to cause a permanent denial of service.
Google deemed this bug as a critical severity flaw for all affected Android versions alike, i.e., Android 8.0, 8.1, 9.0, and 10.
Other Critical Vulnerabilities In Android
In addition to the above, Google also rolled out fixes for two more serious security flaws affecting different Android versions. In case of an exploit, the flaws could allow an attacker to perform remote code execution on the target device.
These include CVE-2019-2222 and CVE-2019-2223 that received a critical severity rating in the case of Android 8.0, 8.1, and 9. Whereas, for Android 10, Google deemed the vulnerabilities as moderately severe.
Elaborating further on these flaws, the advisory reads,
The most severe vulnerability could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
Apart from these three, Google has also released fixes for numerous other bugs bearing high and moderate severity labels. These flaws could result in information disclosure and elevation of privilege when exploited by a potential attacker.
Since Google has already rolled out fixes for all the flaws, users of the affected devices must ensure installing the updates at the earliest (if not done already) to stay protected.
Recently, researchers have also spotted a new Android vulnerability ‘StrandHogg’. The attackers can exploit the vulnerability to steal banking and other account credentials or to spy on users’ activities.
Let us know your thoughts in the comments.