Vulnerabilities in Google Android

  • CERT Admin
  • Tue Jan 05 2021
  • Alerts

Systems Affected 

Google Android OS builds utilizing security patch levels issued before 5th May 2019 

Threat Level 

Medium 

Overview 

Multiple vulnerabilities have been reported in the Google Android operating system which could enable an attacker to perform arbitrary code execution, privilege escalation, obtain sensitive information, and cause a denial of service on the targeted system. 

Description 

Vulnerabilities existed in Google Android due to flaws in the media framework, System component, Kernel component, Broadcom component, MediaTek components, Qualcomm component, and Qualcomm close‐sourced component. These vulnerabilities can be triggered by asking a user to open a maliciously crafted document/file on the system. 

Impact 

  ✻  Exposing sensitive information to unauthorized parties
  ✻  Unauthorized access
  ✻  Malware infections
  ✻  Denial of Service 

Solution/ Workarounds 

  ✻  Apply the appropriate updates as provided by various device manufacture. Refer below for more information,
   https://source.android.com/security/bulletin/2020-12-01  

References 

  ✻  https://source.android.com/security/bulletin/2020-12-01
  ✻  https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution_2020-162/
  ✻  https://www.cert-in.org.in 

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind. 

Last updated: Tue Jan 05 2021