Google Fixes DoS Flaw in Android
Google released an update fixing three critical-severity flaws in its Android operating system. One of the flaws could result in a permanent denial of service on affected mobile devices if exploited. The vulnerabilities were fixed as part of Google's December 2019 Android Security Bulletin, Qualcomm, whose chips are used in Android devices, also patched 22 critical and high-severity vulnerabilities.
The most severe issue is a critical security vulnerability in the Framework component that could enable a remote hacker to cause a permanent denial of service. . That DoS flaw has been addressed for devices running on versions 8.0, 8.1, 9 and 10 of the Android operating system. The other flaws existed in Android's Media framework. This framework includes support for playing common media types, so that users can easily utilize audio, video and images. Android devices running on operating systems versions 8.0, 8.1,9 and 10 have been addressed for these bugs, which could enable a remote hacker to execute code within the context of a privileged process.
Google's update comes as out of date Android devices continue to face threats, including a new Android vulnerability disclosed this week, called StrandHogg, which could allow malware to pose as popular apps and ask for various permissions, allowing hackers to listen in on users, take photos, read and send SMS messages. In a security notice, security researchers at the Multi-State Information Sharing and Analysis Center urged Android users to update immediately.