Google releases October Android Security Patch
Google has already released this month’s routine security update for Android, and this update fixes multiple high-risk vulnerabilities for frameworks and media components.
These vulnerabilities can cause remote code execution and are therefore extremely harmful. Users can only fix it after Qualcomm and the vendor jointly issue a patch.
But unfortunately, most devices can no longer get security updates after they are released, so users can only pay more attention to safety during daily use.
Google App Store Protector mitigates vulnerabilities:
For some of the weaknesses, use the protection component of the Google App Store, which can automatically remove potentially dangerous programs.
Under normal circumstances, if a user installs a program with potential hazards, it can be detected, but it is not defensive for categories such as remote code execution.
Therefore, it is still necessary to repair the chip manufacturer and the equipment manufacturer together, and then release a security patch to fix the vulnerability to solve the problem completely.
System framework vulnerability:
Hackers can make specific files to induce user access and then execute arbitrary code remotely, using some privileged processes to run the code.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2018-9490 | A-111274046 [2] | EoP | Critical | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9491 | A-111603051 | RCE | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9492 | A-111934948 | EoP | High | 8.0, 8.1, 9 |
| CVE-2018-9493 | A-111085900 [2] [3] | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9452 | A-78464361 [2] | DoS | Moderate | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
Media Framework Vulnerabilities:
The media framework is a component of the Android system that is often found to be vulnerable, so every time Google releases a monthly routine update, it will be there.
The critical vulnerability of this media framework is also a remote code execution vulnerability, where an attacker can make a specific file to execute arbitrary code using a privileged process.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2018-9473 | A-65484460 | RCE | Critical | 8.0 |
| CVE-2018-9496 | A-110769924 | RCE | Critical | 9 |
| CVE-2018-9497 | A-74078669 | RCE | Critical | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9498 | A-78354855 | RCE | Critical | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2018-9499 | A-79218474 | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
System level security vulnerabilities:
The most serious security vulnerability at the system level is remote code execution. Attackers make specially crafted files and use privileged processes to execute arbitrary code remotely.
Of course, the biggest problem is that these vulnerabilities are universal, that is, from the Android 6.0 version to the latest version of Android 9.0 will be affected.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2017-13283 | A-78526423 | RCE | Critical | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9476 | A-109699112 | EoP | Critical | 8.0, 8.1 |
| CVE-2018-9504 | A-110216176 | RCE | Critical | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9501 | A-110034419 | EoP | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9502 | A-111936792 [2] [3] | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9503 | A-80432928 [2] [3] | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9505 | A-110791536 | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9506 | A-111803925 | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9507 | A-111893951 | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9508 | A-111936834 | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2018-9509 | A-111937027 | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9510 | A-111937065 | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2018-9511 | A-111650288 | DoS | High | 9 |
Kernel component vulnerabilities:
This kernel component vulnerability can also be used to execute arbitrary code, except that an attacker can use a local malicious program to execute code using a privileged process.
These vulnerabilities are all privilege elevation vulnerabilities, so users should be able to mitigate local malicious programs if they enable the Google App Store Protection component.
Of course, the Google App Protection component only recognizes most malicious programs and does not perform automatic deletion for unrecognized malicious programs.
