"The DoS vulnerability is tracked as CVE-2026-0049 and it affects Android's Framework component. The weakness can be exploited by a local attacker with no additional execution privileges and without user interaction to cause a DoS condition."
"The second vulnerability affects StrongBox, Android's hardware-backed secure keystore that adds a higher level of protection for cryptographic keys. StrongBox works by storing and managing keys inside a dedicated Secure Element (SE), a separate, tamper-resistant hardware chip."
"The StrongBox flaw is tracked as CVE-2025-48651 and it has been assigned a 'high severity' rating, but it's unclear what it can be exploited for. StrongBox vulnerabilities in general could allow key extraction, privilege escalation, or triggering a DoS condition."
The latest Android security updates fix two vulnerabilities, including a critical denial-of-service (DoS) issue tracked as CVE-2026-0049, affecting the Android Framework. This vulnerability can be exploited by local attackers without user interaction. The second vulnerability, tracked as CVE-2025-48651, affects StrongBox, Android's secure keystore, but its specific exploit details remain undisclosed. StrongBox vulnerabilities could lead to key extraction or privilege escalation. Neither vulnerability has been reported as exploited in the wild.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]