Google published its December 2019 Security Bulletin, and it comes with a few important fixes for various security issues, including one deemed critical.
The Android Security Bulletin provides information regarding all security patches issued for the Android operating system, and in the latest December update Google highlighted the fixes pushed upstream.
Google regularly releases updates for Android, mostly covering security fixes. Sometimes, the patches arrive with new features, but in this case, the fixes are more important. We don’t always get to see critical vulnerabilities, but the latest update closes one called CVE-2019-2232.
“In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android,” reads the CVE entry.
Basically, Android devices running anything from 8.0 upwards could have been bricked just by sending a specially crafted message. In technical parlance, that’s called a DoS (denial of service) attack. Not all attacks aim to steal data; some are just meant to cripple the use of a service.
Unfortunately for Android users, only a sliver of the entire user base will get this update, starting with Google Pixel owners. Phones in the Google One program will follow, but the rest of the hardware makers will take their time in implementing the latest fixes.
There is some good news. Details of the vulnerability were not made public, so the composition of the compromising text message is only known to the researchers.
Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.