TR-21-0099 (Android Zafiyeti)

Genel Bilgi

Google Android İşletim Sisteminde Uzaktan Kod Çalıştırma, Bilgi İfşası ve Komut Enjeksiyonu zafiyetleri tespit edilmiştir.

Etki

Bu güvenlik zafiyetinden faydalanılarak siber saldırganların mevcut yazılımların değiştirilmesi ya da yenilenmesi ile hedef kullanıcının bilgisi ve izni olmadan, kullanıcı verilerine erişim sağlayabilmesi imkan dahilindedir.

Mevcut zafiyetlerin CVE kodları şu şekildedir:

CVE-2017-18509, CVE-2021-0332, CVE-2021-0325, CVE-2021-0335, CVE-2021-0341, CVE-2021-0338, CVE-2021-0302, CVE-2021-0305, CVE-2021-0314, CVE-2021-0327, CVE-2021-0330, CVE-2021-0334, CVE-2021-0337, CVE-2021-0339, CVE-2021-0340, CVE-2021-0326, CVE-2021-0328, CVE-2021-0329, CVE-2021-0331, CVE-2021-0333, CVE-2021-0336, CVE-2021-0311, CVE-2021-0312, CVE-2020-10732, CVE-2020-10766, CVE-2020-10767, CVE-2021-0301, CVE-2020-11233, CVE-2020-11239, CVE-2020-11240, CVE-2020-11250, CVE-2020-11261, CVE-2020-11262, CVE-2020-11134, CVE-2020-11182, CVE-2020-11126, CVE-2020-11159, CVE-2020-11181, CVE-2020-11235, CVE-2020-11238, CVE-2020-11241, CVE-2020-11260, CVE-2021-0352, CVE-2021-0353, CVE-2021-0354, CVE-2021-0355, CVE-2021-0356, CVE-2021-0357, CVE-2021-0358, CVE-2021-0359, CVE-2021-0360, CVE-2021-0361, CVE-2021-0362, CVE-2021-0363, CVE-2021-0364 ve CVE-2021-0365

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), kullanıcılara cihazlarının işletim sistem versiyonlarını günce tutmalarını ve 3. Parti uygulamaları yüklerken dikkatli olmalarını tavsiye etmektedir.

Kaynaklar

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution_2021-017/

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0352

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0353

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0354

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0355

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0356

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0357

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0358

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0359

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0360

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-remote-code-execution_2021-017/

2021-02-03