Severity Rating: HIGH
Systems Affected 
•Android Operating System versions prior to 10.0

Description
An elevation of privilege vulnerability named "StrandHogg 2.0" has been
reported in Google Android. It is caused by a confused deputy flaw in
"startActivities()" of "ActivityStartController.java", which allows an
attacker to hijack any app on an infected device. A local attacker could
exploit this vulnerability by installing a malicious app on the device,
which can hide behind legitimate apps.

Successful exploitation of this vulnerability could allow the attacker to
gain access to the victim's login credentials, SMS messages, photos and
phone conversations, spy on the user through the phone's microphone and
camera, and track GPS location details on an affected device.

Best practices 
•Install updates and patches as and when they become available from device
vendors/service providers.
•Do not download and install applications from untrusted sources
[offered via unknown websites/links in unsolicited messages or emails].
Ensure that the "Unknown Source" option in the Security Settings page is
turned off. Install applications downloaded from reputable application
markets only.
•Do not visit untrusted websites or follow links provided by unknown
or untrusted sources.

Solution
Contact the device vendor or manufacturer for appropriate over-the-air updates.
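
To decide which devices need that vendor update, the "prior to 10.0" criterion under Systems Affected can be checked against the output of `adb shell getprop`. The script below is an added example, not part of the original advisory; the function names are hypothetical and the sample property dump is constructed.

```shell
#!/bin/sh
# Added example: triage a device against this advisory's criterion
# (Android releases prior to 10.0). Input is `adb shell getprop` text,
# whose lines look like: [ro.build.version.release]: [9]

# Print the value of one property from getprop output read on stdin.
getprop_value() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # match dots literally
    # [[:space:]]* tolerates the trailing CR that adb output often carries.
    sed -n "s/^\[$key\]: \[\(.*\)\][[:space:]]*\$/\1/p" | head -n 1
}

# Print AFFECTED, NOT_AFFECTED or UNKNOWN for a release string.
classify_release() {
    major=${1%%.*}                       # "8.1.0" -> "8"
    case $major in
        ''|*[!0-9]*) echo UNKNOWN ;;     # missing value or a codename build
        *) if [ "$major" -lt 10 ]; then echo AFFECTED
           else echo NOT_AFFECTED; fi ;;
    esac
}

# Read a getprop dump on stdin and print a one-line verdict. The security
# patch level is reported for follow-up with the vendor, not judged here.
audit_getprop() {
    dump=$(cat)
    release=$(printf '%s\n' "$dump" | getprop_value ro.build.version.release)
    patch=$(printf '%s\n' "$dump" | getprop_value ro.build.version.security_patch)
    printf '%s release=%s security_patch=%s\n' \
        "$(classify_release "$release")" "${release:-?}" "${patch:-?}"
}

# Constructed sample dump; on a real device use:
#   adb -s SERIAL shell getprop | audit_getprop
audit_getprop <<'EOF'
[ro.build.version.release]: [9]
[ro.build.version.sdk]: [28]
[ro.build.version.security_patch]: [2019-12-01]
EOF
```

An UNKNOWN verdict means the release property was absent or non-numeric and the device should be checked by hand.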

Vendor Information
Android

CVE Name
CVE-2020-0096

About Cert Advisory

We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate cyber attacks.