Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Patch now (if you can!): Latest Android update fixes clutch of RCE flaws

Shutterstock_734644999-compressor

Android’s December security bulletin arrived this week with another sizable crop of vulnerabilities to add to the patching list for devices running version 7.0 Nougat to version 9.0 Pie, including Google Pixel users.

Overall, December sees a total of 53 separate flaws and 21 assigned CVE numbers. (Qualcomm components add another 32 CVEs in mainly closed-source components.)

If there’s a theme this month, it’s probably remote code execution (RCE), which accounts for five of the 11 critical flaws listed, plus one flaw marked high.

Four of these were discovered in the Media Framework with another two in the core system, which could, in Google’s words:

Enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

This means that an attacker exploiting the flaws could remotely take overa vulnerable Android device – for example by sending you a booby-trapped image or talking you into clicking on a...(continued)

View All Trending Stories