And Apple fixes Watch-killing security patch of its own
By Shaun Nichols 6 Nov 2018
Google today pushed out the November edition of its monthly Android security updates, giving carriers and device makers a fresh set of patches to install. Fingers cross the patches are rolled out to you ASAP.
The November bulletin contains fixes for three remote code execution flaws as well as a number of information disclosure and elevation of privilege vulnerabilities in various core components of Android.
The three RCEs, two rated "critical" risks (CVE-2018-9527, CVE-2018-9531) and one rated "high" (CVE-2018-9521), were all found within the Android media framework. If exploited by, say, a booby-trapped video or received multimedia message, malicious code within the material could be executed with sufficient privileges to spy on the phone's owner and cause other mischief. Two elevation of privilege bugs (CVE-2018-9536, CVE-2018-9537) in the media framework were also classified as critical security risks.
Full Article.