
Google Android Operating System < 4.4.0 Multiple Vulnerabilities

Medium

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

The Google Android operating system prior to 4.4.0 is affected by the following vulnerabilities:

- There is a flaw in the built-in browser that is due to the improper handling of NULL bytes by the URL parser. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2014-6041)
- There is a flaw related to the 'addJavascriptInterface()' method and the 'accessibility' and 'accessibilityTraversal' objects. With specially crafted JavaScript loaded within the WebView component, a remote attacker can execute arbitrary methods of Java objects, i.e. achieve remote code execution. (CVE-2014-7224)
- There is an overflow condition in the DHCP client daemon 'dhcp.c' that is triggered when handling DHCP options. With a specially crafted ACK packet response, a context-dependent attacker can execute arbitrary code. (CVE-2014-7912)
- There is a flaw in the Bluetooth application stack that is triggered when handling Host Controller Interface commands prior to pairing. This may allow a remote attacker within short range of the device to force pairing and in turn execute arbitrary code. (CVE-2014-7914)

Solution

Upgrade to Google Android operating system version 4.4.0 or later if possible.