SB2019022825 - Permissions, Privileges, and Access Controls in Google, Google Android

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-1994)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924.

Remediation

Install update from vendor's website.

References

• http://www.securityfocus.com/bid/106946
• https://source.android.com/security/bulletin/2019-02-01