Android flaw allows attackers to permanently freeze your device

Android’s December 2019 updates patches a small list of system and Qualcomm flaws across the operating system’s two patch levels [1].
According with Google, a specific flaws (CVE-2019-2232) may allows an attacker to cause a permanent denial of service by simply sending a specifically crafted message [2].

It has not been announced how this paralyzing message should be crafted, but some clues can be extracted from the patch source code [3].


How to fix the problem?

You need to install the Android updates of December 2019, if they are not already installed and if they are available for your device.

These instructions [4] apply to Android version 9:

  1. Open your phone’s Settings app.
  2. Near the bottom, tap System  Advanced  System update.
  3. You’ll see your update status. Follow any steps on the screen.

Updates will be available at different times depending on the manufacturer of the device: on Android bullettin page you can find updates from Google, Huawei, LG, Motorola, Nokia and Samsung [5].


References

  1. Android Security Bulletin—December 2019
  2. CVE-2019-2232
  3. https://android.googlesource.com/platform/frameworks/base/+/4ce901e4058d93336dca3413dc53b81bbdf9d3e8
  4. Check & update your Android version
  5. Android Security Bulletins

Comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.