TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows:
- An elevation of privilege vulnerability in Framework. (CVE-2018-9547)
- An elevation of privilege vulnerability in HTC components. (CVE-2018-9567)
- An elevation of privilege vulnerability in Media framework. (CVE-2018-9538)
- An information disclosure vulnerability in Framework. (CVE-2018-9548)
- Multiple arbitrary code execution in Media framework. (CVE-2018-9549, CVE-2018-9550, CVE-2018-9551, CVE-2018-9553)
- Multiple arbitrary code execution in System. (CVE-2018-9555, CVE-2018-9556)
- Multiple elevation of privilege vulnerabilities in Kernel components. (CVE-2018-10840, CVE-2018-9568)
....
....
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of a privileged process. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
NVIDIA NeMo Framework Vulnerabilities Allows Code Injection and Privilege Escalation
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access
Google addresses 107 Android vulnerabilities, including two zero-days