NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge

Trending CVEs for the Week of July 29th, 2019

Why IAM Technology is Critical to Your Vulnerability Management Program

CVE-2019-2107 – Android devices could be hacked by playing a video

Description 

This vulnerability could lead to remote code execution with no additional execution privileges needed. CVE-2019-2107 flaw is in the Android media framework, playing a specially-crafted video on devices with the Android’s native video player application could allow attackers to compromise them due to a dangerous critical remote code execution flaw. 

Affected Products

  • Android-7.0
  • Android07.1.1
  • Android07.1.2
  • Android-8.0
  • Android-8.1
  • Android-9

Exploitation and Risk

Potentially an attacker could develop an exploit to remotely execute arbitrary code.

Fixes

Google addressed the flaw in the July 2019 Android Security Advisor, however, millions of people still can be effected.

References

National Vulnerability Database

Android Security Advisor

 

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.