9VSA22-00683-01 CSIRT alerta de vulnerabilidades en Android

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT de Gobierno, comparte información sobre vulnerabilidades que afectan al sistema operativo Android, dadas a conocer en el reporte de Google para Android correspondiente a agosto de 2022.

Vulnerabilidades

CVE-2021-39696

CVE-2021-0698

CVE-2021-0887

CVE-2021-0891

CVE-2021-0946

CVE-2021-0947

CVE-2021-30259

CVE-2021-39815

CVE-2022-1786

CVE-2022-20082

CVE-2022-20122

CVE-2022-20239

CVE-2022-20344

CVE-2022-20345

CVE-2022-20346

CVE-2022-20347

CVE-2022-20348

CVE-2022-20349

CVE-2022-20350

CVE-2022-20352

CVE-2022-20353

CVE-2022-20354

CVE-2022-20355

CVE-2022-20356

CVE-2022-20357

CVE-2022-20358

CVE-2022-20360

CVE-2022-20361

CVE-2022-22059

CVE-2022-22061

CVE-2022-22062

CVE-2022-22067

CVE-2022-22069

CVE-2022-22070

CVE-2022-22080

CVE-2022-25668

Impacto

Vulnerabilidades de riesgo crítico

CVE-2022-20345: Vulnerabilidad crítica que afecta al componente System. Parchado en las actualizaciones Android 12 y 12L. Según Google, un atacante no requiere privilegios de ejecución adicionales para realizar la explotación arbitraria de código en un ataque Bluetooth.

Productos afectados

Android, versiones anteriores a 12 y 12L

Mitigación

Instalar las respectivas actualizaciones entregadas por el proveedor.

Enlaces

https://source.android.com/security/bulletin/2022-08-01?hl=en

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39696

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0698

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0887

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0891

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0946

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0947

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30259

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39815

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1786

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20082

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20122

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20239

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20344

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20345

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20346

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20347

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20348

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20349

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20350

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20352

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20353

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20354

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20355

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20356

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20357

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20358

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20360

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20361

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22059

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22061

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22062

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22067

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22069

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22070

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22080

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25668

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA22-00683-01.

9VSA22-00683-01 CSIRT alerta de vulnerabilidades en Android