CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red
June 7th, 2022: CyberHoot has learned of multiple critical Android vulnerabilities, affecting millions of Android smartphones, that have been patched today. Critical security flaws have been found in Android hardware, kernel software, media software, and system software. One vulnerability, in the UNISOC chipset used in Android phones, can be weaponized to disrupt a smartphone’s radio communications through a malicious packet.
Bottom Line: it is time to patch your Android phones and devices to protect yourselves from targeted attacks. Do so as soon as you can pull a viable plan together for your company’s devices.
Israeli cybersecurity company Check Point said in a report that if Android devices with UNISOC chips are left unpatched, a hacker or military unit can leverage the vulnerability to neutralize communications in a specific location. The vulnerability is in the modem firmware, not in the Android OS itself.
The vulnerability was discovered by reverse-engineering UNISOC’s LTE protocol stack implementation. It is a buffer overflow in the modem firmware component that handles Non-Access Stratum (NAS) messages, and it results in Denial of Service (DoS).
It’s recommended that users update their Android devices to the latest available software as soon as possible. Update instructions are found below.
You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you. You can also manually check for updates (which you should do right now).
When you get a notification, open it and tap the update action.
If you cleared your notification or your device has been offline:
Most system updates and security patches happen automatically. To check if an update is available:
If you’re a subscriber to CyberHoot’s services, you’ll have access to our Policy and Process library which contains the vulnerability alert management process document. This document prescribes how to respond to situations like this and in what time frame. If your company has not yet adopted a VAMP-like process, now is a great time to get started.
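For a company fleet, the security update level mentioned above can be checked in bulk instead of phone by phone. The script below is an added example, not CyberHoot's or Google's code: it reads the level through adb's `ro.build.version.security_patch` property and flags devices below a minimum you supply. The device names and the minimum level in the sample run are constructed values.

```shell
#!/bin/sh
# Added example: flag devices whose Android security patch level is too old.
# Input on stdin: "<device-id> <patch-level>", level formatted YYYY-MM-DD.

is_valid_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_patch_levels MIN: prints "OK|OUTDATED|UNKNOWN <device> <level>" per line.
audit_patch_levels() {
    min=$1
    is_valid_level "$min" || { echo "bad minimum level: $min" >&2; return 2; }
    min_n=$(printf '%s' "$min" | tr -d '-')
    while read -r dev level; do
        [ -n "$dev" ] || continue
        if ! is_valid_level "$level"; then
            echo "UNKNOWN $dev ${level:-none}"   # missing or malformed: check by hand
        elif [ "$(printf '%s' "$level" | tr -d '-')" -lt "$min_n" ]; then
            echo "OUTDATED $dev $level"
        else
            echo "OK $dev $level"
        fi
    done
}

# Builds the inventory from devices attached over adb (USB debugging enabled).
collect_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from consuming the loop's stdin
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch \
            </dev/null | tr -d '\r')
        echo "$serial $level"
    done
}

# Constructed inventory (not real devices); the minimum level is an assumed value.
SAMPLE='phone-01 2022-06-05
phone-02 2022-03-01
tablet-07
phone-09 2022-06-01'
printf '%s\n' "$SAMPLE" | audit_patch_levels 2022-06-05
```

For live devices, run `collect_from_adb | audit_patch_levels <minimum-level>` with the level your patch plan requires.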