Dec 10, 2019, 08:43 AM IST
This may be the most ‘dangerous’ threat of 2019 for Android smartphone users: Devices at risk, other details
Google’s latest security bulletin (for December 2019) has ‘bad news’ for Android
The threat has been revealed in Google’s December 2019 Android Security Bulletin
Of the three vulnerabilities, one is ‘most severe’
As per Google’s security bulletin, there are three vulnerabilities. Of these, two are rated as critical. The third one, CVE-2019-2232, has been highlighted as “most severe”.
According to the official NIST National Vulnerability Database, the vulnerability in the “handleRun of TextLine.java” could create a “possible application crash.” This may lead to permanent denial of service, as the attack can brick your smartphone.
What causes the attack
A maliciously crafted message can cause a denial of service on your Android device.
What is the solution: Installing Android’s December security update
Installing the December security update as soon as it is available can help.
What is the problem: Not all Android devices receive timely security updates, and many old ones don’t
The biggest problem here is that not all Android smartphones receive timely security updates. Many do, but not as quickly as they should. Many old ones don’t even receive security patches. Users with older Android devices, and many with devices from lesser-known brands, may not get the patch at all.
According to the description in the Android Security Bulletin, “User interaction is not needed for exploitation.” The remote denial of service attack needs “no additional execution privileges,” adds the bulletin.
Devices affected: The security flaw affects devices running on Android 8.0, Android 8.1, Android 9 and Android 10
The vulnerability affects devices running on Android 8.0, Android 8.1, Android 9 and Android 10 versions.
Good news: Patch is already out, but needs to be installed
The good news is that the security patch for CVE-2019-2232 and the other security vulnerabilities has already been released to the Android Open Source Project (AOSP) repository.
Bad news: When and if you get the update depends on your smartphone manufacturer
Google devices are likely to be the first ones to get the update
Google released OTA updates on the same day as the monthly bulletin was released.
How to check if security patch is available
Most likely you will get a notification about the OTA update. In case you feel you may have missed the update, just check your security patch level. To do this, check: Settings > About phone > Android security patch level.
On Android 9, this is: Settings > System > Advanced > System updates. Please note that most smartphone manufacturers add their own update, in addition to Google’s.
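For anyone checking several phones at once, the same patch-level check can be scripted. The following is an added example, not part of the original article: it reads `adb shell getprop` output and classifies a device against the Android versions listed above. It assumes the December 2019 update reports a patch level of 2019-12-01 or later; the function names and the two sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit getprop output for CVE-2019-2232.
# Assumption: the December 2019 update reports patch level 2019-12-01 or later.
FIXED_LEVEL=20191201

# Print the value of one property from getprop-style lines: "[key]: [value]"
get_prop() {  # $1 = getprop dump, $2 = property name
    printf '%s\n' "$1" | tr -d '\r' |
        awk -v k="[$2]:" '$1 == k { sub(/^[^ ]+ \[/, ""); sub(/\]$/, ""); print; exit }'
}

# Classify from Android release ($1) and security patch level ($2, YYYY-MM-DD)
classify_device() {
    case "$1" in
        8.0*|8.1*|9|9.*|10|10.*) ;;          # versions the article lists as affected
        *) echo "NOT_LISTED"; return 0 ;;    # not among the listed versions
    esac
    case "$2" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "UNKNOWN"; return 0 ;;       # property missing or malformed
    esac
    level=$(printf '%s' "$2" | sed 's/-//g') # 2019-11-05 -> 20191105
    if [ "$level" -lt "$FIXED_LEVEL" ]; then echo "VULNERABLE"; else echo "PATCHED"; fi
}

audit_dump() {  # $1 = full getprop output
    classify_device "$(get_prop "$1" ro.build.version.release)" \
                    "$(get_prop "$1" ro.build.version.security_patch)"
}

# Constructed sample dumps (not captured from real devices)
SAMPLE_UNPATCHED='[ro.build.version.release]: [9]
[ro.build.version.sdk]: [28]
[ro.build.version.security_patch]: [2019-11-05]'
SAMPLE_PATCHED='[ro.build.version.release]: [10]
[ro.build.version.security_patch]: [2019-12-05]'

echo "sample 1: $(audit_dump "$SAMPLE_UNPATCHED")"
echo "sample 2: $(audit_dump "$SAMPLE_PATCHED")"
```

With a phone connected over USB debugging, `audit_dump "$(adb shell getprop)"` runs the same check on the live device.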