SB2018100218 - Type conversion in Google, Google Android
Published: October 2, 2018 Updated: August 8, 2020
Security Bulletin ID
SB2018100218
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Type conversion (CVE-ID: CVE-2018-9490)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046
Remediation
Install update from vendor's website.
References
- http://www.securityfocus.com/bid/105484
- https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382,
- https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb
- https://source.android.com/security/bulletin/2018-10-01,