CVE-2018-9490: Incorrect Type Cast
First published: Mon Oct 01 2018(Updated: )
In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Android | =7.0 | |
| Android | =7.1.1 | |
| Android | =7.1.2 | |
| Android | =8.0 | |
| Android | =8.1 | |
| Android | =9.0 |
Remedy
https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/105484
- https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382,
- https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb
- https://source.android.com/security/bulletin/2018-10-01,
- https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382%2C
- https://source.android.com/security/bulletin/2018-10-01%2C
- https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382
- https://source.android.com/docs/security/bulletin/2018-10-01 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2018-9490?
CVE-2018-9490 has been classified as a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2018-9490?
To fix CVE-2018-9490, users should update their Android devices to the latest software version provided by Google.
What versions of Android are affected by CVE-2018-9490?
CVE-2018-9490 affects Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9.0.
What type of vulnerability is CVE-2018-9490?
CVE-2018-9490 is a remote code execution vulnerability resulting from type confusion.
Is user interaction required for exploiting CVE-2018-9490?
Yes, user interaction is needed for the exploitation of CVE-2018-9490.
- agent/type
- agent/remedy
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/android
- version/android/7.0
- version/android/7.1.1
- version/android/7.1.2
- version/android/8.0
- version/android/8.1
- version/android/9.0