DataEndure | Managed Cybersecurity. It's about time.

Services
- Managed Services
  Cloud Security
  
  Email Security
  
  Endpoint Security
  
  Network Security
  
  N-SOC
  
  Compliance
  GRC
  
  Readiness Assessments
  
  Risk Management
  
  Complimentary Health Checks
  Network Health Check
  
  Resiliency Workshop
  
  Security Health Check
  
  In-Depth Assessments
  Application Dependency Mapping
  
  CISO Assessment
  
  Dark Data Assessment
  
  Network Assessment
  
  Penetration Testing
  
  Why Layered Defense is Critical
  
  Layered security is about protecting all vectors that have access into your network, and the network is no longer just inside your datacenter. It's wherever your endpoints, people, data, and assets reside.
  
  View the Video >>
Expertise
- Security & Compliance
  Layered Defense Strategy
  
  Cyber Threats & Solutions
  
  Information Management
  Data Resilience
  
  Cloud & Data Science
  Digital Transformation
  
  Infrastructure
  Scale and Efficiency
  
  Network
  Network Resilience
  
  What does "Good" Cybersecurity look like?
  
  Discover key insights for robust cybersecurity, addressing critical gaps and navigating evolving threats.
  
  Read the Blog >>
Industries
Company
- About Us
  Leadership
  
  News
  
  In the Community
  
  Careers
  
  Contact Us
  
  Partners
  Strategic Partners
  
  Technology Partners
  
  Partner Program
  
  Leading the Way Through Change
  
  Explore over 40 years of industry leadership and lasting impact as we delve into the remarkable history of Data Endure.
  
  Learn More >>
Resources
- Learn
  Security Advisories
  
  Blog
  
  Case Studies
  
  Podcast
  
  Events
  
  Videos
  
  White Papers
  
  Connect
  Contact Us
  
  Newsletter Sign Up
  
  Partner Program
  
  Watch our Tech Talk Series
  
  Stay up to date on the latest in cybersecurity with our monthly Tech talk series.
  
  Watch the Series >>

Security Advisory: Three Critical Remote Code Execution Vulnerabilities Found in Android Media Framework

October 10, 2019

Situation

Three critical Remote Code Execution vulnerabilities (CVE-2019-2184, CVE-2019-2185, CVE-2019-2186), were found in the Android Media Framework.

Problem

These vulnerabilities affect a large number of Android models and versions, specifically ones with a Qualcomm chip. Models include LG, Samsung, Google, Huawei, and Xiaomi. Versions include 7.1.1, 7.1.2, 8.0, 8.1, and 9.

Implication

Remote attackers could use a specially crafted file to execute code, which could lead to attacker installing malicious apps and being able to view/edit data on the device.

Need

While Android updates are dependent on the manufacturers, users should apply the latest security patch when made available by their carrier.

Google and LG have already rolled out patches in the October Security Update. Samsung will be rolling out the patch in their October Security Update.

NEW BLOG:Seeing the Bigger Picture: Achieving Digital Resilience

+ +

Chat with usLiveChat