Trending CVEs for the Week of July 29th, 2019

CVE-2019-2107 – Android devices could be hacked by playing a video

Description 

This vulnerability could lead to remote code execution with no additional execution privileges needed. CVE-2019-2107 flaw is in the Android media framework, playing a specially-crafted video on devices with the Android’s native video player application could allow attackers to compromise them due to a dangerous critical remote code execution flaw. 

Affected Products

  • Android-7.0
  • Android07.1.1
  • Android07.1.2
  • Android-8.0
  • Android-8.1
  • Android-9

Exploitation and Risk

Potentially an attacker could develop an exploit to remotely execute arbitrary code.

Fixes

Google addressed the flaw in the July 2019 Android Security Advisor, however, millions of people still can be effected.

References

National Vulnerability Database

Android Security Advisor