As part of its May Android Security Bulletin, technology behemoth Google patched four remote code-execution (RCE) faults.
Responsible for essential apps such as the dialer, email and camera, three of the serious viruses are tied to the System portion of the Android platform architecture.
A fourth critical RCE bug is vulnerable to attack on the Android operating system’s Media framework.
Other details of the patches haven’t been revealed, but in all, the four patches (CVE-2019-2045, CVE-2019-2046, CVE-2019-2047, CVE-2019-2044) will be sent over the air to Google Pixel handsets over the next few days, compatible for devices running OS versions 7, 8 and 9.
Nevertheless, other devices will remain susceptible momentarily: Patches for Android handsets made by manufacturers such as Samsung and LG should be received over the next few weeks.
Earlier this week, Google also released patches for 10 bugs rated high, and one ranked modest; and it issued patches for faults recognized in third-party components from vendors such as NVIDIA, Broadcom and Qualcomm, bringing the total number of fixed CVEs to 30.
On Tuesday, Google said its next-generation mobile operating system, Android Q, facelifts the way it brings direct over-the-air updates.
Security updates have often been a pain point for Android devices; it takes time for various manufacturers to push out updates as so many device manufacturers utilize the operating system. Those updates are delivered over-the-air, but have so far been restricted to monthly updates. That’s about to change with Google’s efforts to rationalize the patching procedure by generating new update-friendly modules in its OS, capable of receiving direct over-the-air patches whenever required.