Google Fixes Crucial Bluetooth RCE Vulnerability

Google has documented forty five vulnerabilities in its March update with eleven ranked crucial and thirty three were rated high. Eleven of the crucial Android vulnerabilities were fixed as portion of March Security Update of Google. Three of them were bound to media framework of Android and core system, while the remaining were concerned to inaccurate Qualcomm chip elements.

Google fixed three crucial distant code implementation flaws, containing two crucial media framework bugs CVE-2019-1990 and CVE-2019-1989 that influence Android 7.0 Nougat and after. A technical statement posted on The LineageOS Project website points that both of these are bound to the video-control API commands of Android while CVE data isn’t available so far. A third crucial flaw CVE-2019-2009 affecting the Android core system is meantime concerned to the Bluetooth component “l2c_lcc_proc_pdu”.

Bluetooth Distant Code implementation Flaw

The technical information pointing the vulnerability is bound to the Android Bluetooth mound while CVE information isn’t available for this one either. Past threat variables tied to “l2c_lcc_proc_pdu” have contained rising of privilege threats using Bluetooth, reasoned by an out of bounds write bug. This very new vulnerability is tagged as an RCE bug.

Google fixed CVE-2018-9555 earlier current year, which is a almost the same vulnerability in  l2c_lcc_proc_pdu (CVE-2019-2009). Google stated: “there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.”

Qualcomm Element Bugs

Eight extra crucial flaws were documented in Qualcomm elements. Two of the vulnerabilities are both connected to one CVE (CVE-2017-8252). The bug is a local content revelation flaw in TrustZone of Android, a particular subdivision of the Android kernel that functions its own operating system. Merely connected to an individual CVE (CVE-2018-11817), are two major vulnerabilities associated to a specialised Qualcomm chip known as digital incitation processor.

However, one vulnerability CVE-2018-11958 impacts the Android high level operating systems information on extra Qualcomm flaws are restricted according to the chip-maker. “Insufficient protection of keys in keypad can lead HLOS to gain access to confidential keyboard input data,” Qualcomm wrote.

Samsung Fixes Distinct Crucial Flaws

Samsung fixed seven crucial bugs separately. Three of the fixes CVE-2019-1990, CVE-2019-2009 and CVE-2019-1989 occurred by Samsung were connected to March update of Google. The extra harmful bugs fixed by the Korean consumer electronics giant CVE-2018-11289, CVE-2018-11262 CVE-2018-11820, CVE-2018-11945 and CVE-2018-11938 were vulnerabilities documented by Google in its Android Security Update.

Modifications to Google Pixel and various vendor phones likely LG, Samsung and others have started via over-the-air updates. Source code fixes for the mentions meanwhile will be accomplished to the Android Open Source Project facility in the next two days  according to Google. The company has presented forty five vulnerabilities in its March update along with eleven ranked critical and thirty three rated high. Rising of privilege flaws prevailed this group of the month, accounting for twenty one detected flaws out the forty five listed.

Leave a Reply

Your email address will not be published. Required fields are marked *