Google in the Android Open Source Project (AOSP) fixed three critical remote code execution (RCE) in the Media framework and another one in the Android system.

In all, Google repaired 33 security susceptibilities in the Android system, framework, library, media framework, Qualcomm components, and Qualcomm closed-source components, all of them addressed in the 2019-07-01 and 2019-07-05 security patch levels.

“This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly,” says the security bulletin.

The July 2019 Android Security Bulletin says that the most severe of these issues is a serious security susceptibility in Media framework that could allow a remote attacker using a particularly created file to perform arbitrary code within the context of a privileged process.

While the CVE-2019-2106, CVE-2019-2107, and CVE-2019-2109 serious RCE faults influence all Android 7.0 or later devices with Android 9.0 not being impacted by the latter, the fourth CVE-2019-2111 security issue present in the Android system impacts only devices running Android 9.0.

The rest of the 33 susceptibilities repaired in this security update are either advancement of privilege faults, can lead to information revelation, or haven’t yet been confidential, and users should be harmless against possible attacks after applying the latest Android security patch.

No reports of exploitation before revelation

According to the July 2019 Android Security Bulletin, there were no “reports of active customer exploitation or abuse of these newly reported issues.”

The bulletin also elucidates that all Android partners were warned of the security issues repaired and revealed in this update at least a month prior to today’s public revelation.

Additionally, “source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours” with the AOSP links to be reviewed to as soon as they are available.

Related articles

Vulnerability Alerts

Schneider Electric Fixes Vulnerabilities in U.motion Builder Software

By CertX
Drupal Is Prone To Remote Code Execution Vulnerability
Vulnerability Alerts

Drupal Is Prone To Remote Code Execution Vulnerability

By CertX
A Group of Security Patches for Workstation Firmware, Graphics Drivers and Server
Vulnerability Alerts

A Group of Security Patches for Workstation Firmware, Graphics Drivers and Server

By CertX
Cisco IOS XR Flaw Being Actively Targeted by Attackers
Vulnerability Alerts

Cisco IOS XR Flaw Being Actively Targeted by Attackers

By CertX
Critical Flaws Expose Dell Wyse Thin Client Devices to Attacks
Vulnerability Alerts

Critical Flaws Expose Dell Wyse Thin Client Devices to Attacks

By CertX

Leave a Reply

Your email address will not be published. Required fields are marked *