The end of the year is coming known for the presence of multiple vulnerabilities affecting the Android SO and, though the majority of these errors do not represent a bigger threats for the users, it exists some exceptions. Experts in the vulnerabilities analysis say that, in the Android security summary of December were revealed 3 security errors; one of these errors is considered critical, because using a malicious message, could cause a permanent Denegation of Service (DoS).
The update to correct these errors is already avaiable, the bad news are that not all of the Android devices can be updated to the last SO version, besides not all the users receive the update at the same time.
The last weeks have been a bit discouraging in security matters for the Android users. Recently, was revealed a vulnerability that, being exploited, would allow a threaten actor to seize control of a device remotely to activate the camera and the microphone to gather information of the victim. Hundreds of thousands, or even millions of users from Android were exposed to this error until it was fixed, said the experts of the analysis of vulnerabilities.
Later, it was revealed that an update of the Rich Communication Services (RCS) could expose some users of Android to the exploit of the vulnerability “StrandHogg”, that could bring the malicious users access to text messages and multimedia, besides the possibility to extract the log in credentials of the users.
A total of 3 vulnerabilities were reported in the Security Bulletin of Android in December, in which we can highlight CVE-2019-2232 as the most dangerous, becauseaid that an incorrect validation of “handleRun” could bring the blockage of apps.
Explained otherwise, using an specially designed message, a threaten actor could generate a permanent service refuse condition on a vulnerable Android device, which could result in the destruction of all the systems in the device. Besides, the attack requires minimum interaction from the user, besides the hackers do not require aditional execution privileges. The vulnerability affects the Android versions 8,2,1,9 and 10.
However not everything are bad news, because Google announced that the corrections for CVE-2019-2232 and the other 2 vulnerabilities found in the SO are already avaiable in the repository of Android Open Source Project (AOSP)
The major counterpart is that not all users of Android would receive this update, besides that the availability of these corrections depends of the creator of the device, said the specialists in vulnerabilities’ analisys. The suers of Google Pixel will have the updates before the suers of any other company.
The users of the devices from other manufacturers more recently launched, like new Samsung Galaxy, will also be able to access to these corrections soon, while some of the users of older devices could not receive more updates.
In case that your device do not receive this pack of updates, specialists in the analysis of vulnerabilities of the Internation Institute of Cyber security (IICS) said that the best alternative is to try to acquire a newer model, because despite the older Android devices will still work, it is important to be protected against the newest threats in the mobile security.