News

July patches for Android fixing a number of critical RCE bugs

Released in July Android update (levels 2019-07-01 and 2019-07-05) brought patches for 33 vulnerabilities in OS itself, libraries, frameworks, and also for Qualcomm closed and open components.

Among fixed issues were nine critical RCE bugs.

According to the official Android Security Bulletin, the most dangerous of all vulnerabilities is a bug in the Media framework.

“The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed”, — reported Android developers.

Three of the nine critical RCE bugs were discovered in the Media framework. Thus, vulnerabilities CVE-2019-2106 and CVE-2019-2107 threaten all versions of Android, ranging from 7.0 to 9.0. However, the third problem, CVE-2019-2109, does not pose a threat for 9.0 version.

The last, fourth critical bug found directly in Android, received the identifier CVE-2019-2111 and was found in the system itself. This issue is dangerous only for users of Android 9.0.

The remaining serious issues concern Qualcomm components.

“We have had no reports of active customer exploitation or abuse of these newly reported issues”, — ensure developers.

Other fixed this month issues may lead to disclosure and information leakage or privileges’ escalation.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

View Comments

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

19 hours ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

19 hours ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

19 hours ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

19 hours ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

19 hours ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

19 hours ago