There is a hugely contested notion that Google’s titular mobile operating system Android when compared to Apple’s mobile platform, is a security nightmare. This notion, however obnoxious, is technically accurate especially if you take the platform’s recent predicament around malicious apps easily finding their way onto the Play Store.
To reaffirm the aforementioned notion, Google today announced it has made a discovery revealing three potentially destructive vulnerabilities within the Android operating system.
Among the three security loopholes discovered, the most severe dubbed CVE-2019-2232 received the highest destructive rating and according to the official NIST National Vulnerability Database description of the vulnerability:
In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.
What this means is that it doesn’t matter the mode of access (either through a malicously-created message or remotely) the end results are the same. The vulnerability could cause a denial of service to your Android-powered device running Android Version 8.0, 8.1, 9 as well as 10 .and permanent denial of service could practically send your smartphone to the underworld.
The report was made public through the December 2019 Android Security Bulletin and in it, Google outlined the security cracks but only seem to mention smartphones. There was no indication anywhere that the vulnerability could leak down to Android-supported Chromebooks.
A fix for the issue has already been deployed on the Android Open Source Project (AOSP) repository and should reach smartphones possibly in the next OTA update (Pixels first) in the coming days.
Via Forbes