Google has released security patch levels of 2018-06-01 and 2018-06-05 to fix 56 vulnerabilities identified in various Android devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted file or install a malicious application.
A successful attack could lead to remote code execution, elevation of privilege, information disclosure or denial of service.
Some manufacturers have fixed or have planned to fix the vulnerabilities in their Android systems as listed below. The list is not exhaustive and it is recommended to consult the product vendors to confirm the availability of patches. If patches are available, users should upgrade to the fixed versions or follow the recommendations provided by the product vendors to mitigate the risk.
As interim measures and security best practices, users are reminded not to visit suspicious websites, nor follow URL links or download apps from un-trusted sources, emails or instant messages to avoid malware infection.
https://source.android.com/security/bulletin/2018-06-01
https://www.hkcert.org/my_url/en/alert/18060601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5829 (to CVE-2018-5831)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9338 (to CVE-2018-9341)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9344 (to CVE-2018-9348)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9355 (to CVE-2018-9364)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9366 (to CVE-2018-9373)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18155 (to CVE-2017-18159)