Google recently published its December 2019 Android Security Bulletin, which reveals the details of several vulnerabilities in the Android operating system. The bulletin gives three vulnerabilities a critical rating. Interestingly, the search engine giant highlights one of the three as the most severe, and for good reason.
This Android vulnerability involves a single maliciously crafted message that could cause a permanent denial of service. Earlier reports had already revealed a vulnerability that could let an attacker take over the Google and Samsung camera apps to record audio and take photos remotely. The scary threat can potentially affect hundreds of millions of Android users all over the world.
Earlier this month, news also surfaced that a new text messaging update using Rich Communication Services (RCS) could expose users to hacking risks. Another vulnerability recently disclosed to Android users is StrandHogg, which could allow hackers to access photos and text messages and steal users’ login credentials. But that’s not all.
In the most recent Android Security Bulletin, Google reveals that a critical vulnerability exists. It could allow a remote attacker to cause a permanent denial of service on any Android device through a specially crafted message. The search engine giant rates CVE-2019-2232 as the most severe of the three critical vulnerabilities.
The official NIST National Vulnerability Database describes it as improper input validation in “handleRun of TextLine.java” that could create a “possible application crash.” What is a permanent denial of service attack? This particular attack could kibosh any smartphone, and it does not require any user interaction to execute. Nor does it require additional permissions or privileges.
CVE-2019-2232 In handleRun of https://t.co/VilJ7WzMi8, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User in… https://t.co/NsvuVST0Cw
— CVE (@CVEnew) December 6, 2019
CVE-2019-2232 affects several versions of Android, including Android 8.0, Android 8.1, Android 9, and Android 10. Fortunately, fixes for all the vulnerabilities revealed in Google’s December 2019 Android Security Bulletin, including CVE-2019-2232, have already been released to the Android Open Source Project (AOSP) repository. The bad news is that, at this point, we have no idea when the update will roll out; that will depend on each device’s manufacturer.