Android July 2019 Security Update Patches 33 New Vulnerabilities

Posted by & filed under Security News.

Google has started rolling out this month’s security updates for its mobile operating system platform to address a total of 33 new security vulnerabilities affecting Android devices, 9 of which have been rated critical in severity.

The vulnerabilities affect various Android components, including the Android operating system, framework, library, media framework, as well as Qualcomm components, including closed-source components.

Three of the critical vulnerabilities patched this month reside in Android’s Media framework, the most severe of which could allow a remote attacker to execute arbitrary code on a targeted device, within the context of a privileged process, by convincing users into opening a specially crafted malicious file.

“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” the company says.

Out of the remaining seven critical vulnerabilities, one affects Android Library, one affects the System, two resides in Qualcomm components (one in DSP_Services and one in Kernel), and three resides in Qualcomm closed-source components.

Besides this, a high-severity flaw (CVE-2019-2104) in the Android Framework could allow an installed malicious app to bypass user interaction requirements in an attempt to gain access to additional permissions.

Six high-severity vulnerabilities addressed in Qualcomm components resides in WLAN Host (CVE-2019-2276, CVE-2019-2307), WLAN Driver (CVE-2019-2305), HLOS (CVE-2019-2278), and Audio (CVE-2019-2326, CVE-2019-2328).

According to the Android security advisory, none of the flaws addressed this month were publicly disclosed or found being exploited in the wild.

Apart from releasing patches for security vulnerabilities, the Android Security Patch for July 2019 also includes fixes for various issues in some of the supported version of Pixel devices.

Pixel smartphone users will get the July updates shortly, while others will have to wait for their Android device manufacturers or service providers to roll out the security patches for their devices.

Users are strongly recommended to download the most recent Android security updates as soon as they are available in order to keep their Android devices protected against any potential attack.

 

The information contained in this website is for general information purposes only. The information is gathered from The Hacker News while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.