Android Patches 33 New Security Vulnerabilities

 In Security Alerts

SYSTEMS AFFECTED

  •  Android devices

 

THREAT LEVEL

  • High

OVERVIEW

Google has started rolling out this month’s security updates for its mobile operating system platform to address a total of 33 new security vulnerabilities affecting Android devices, 9 of which have been rated critical in severity.

DESCRIPTION

This bulletin has two security patch levels. At the basic 2019-07-01 level, 12 bugs are addressed.

  • Five remote code execution vulnerabilities.
  • Three (CVE-2019-2106, CVE-2019-2107, CVE-2019-2100) in the Android media framework.
  • CVE-2019-2105 is in Android Library
  • CVE-2019-2105 is found in the System.

All would be triggered by opening a specially-crafted file.

  • CVE-2019-2104 in Framework
  • CVE-2019-2116, CVE-2019-2117, CVE-2019-2118 and CVE-2019-2119 in System are for information disclosure bugs.
  • CVE-2019-2112, CVE-2019-2113 are elevation of privilege vulnerabilities.

 

  • Ten of the closed-source component CVEs were for issues rated as High security risks. this means things like elevation of privilege and information disclosure flaws.
  • Another three were classified as critical, means a remote code execution vulnerability that requires little to no user interaction to exploit.
  • CVE-2019-2308 in DSP Services and CVE-2019-2330 in Kernel were classified as critical.
  • The other six were labeled high severity and were found in WLAN Host

(CVE-2019-2276, CVE-2019-2307), WLAN Driver (CVE-2019-2305), HLOS (CVE-2019-2278), and Audio (CVE-2019-2326, CVE- 2019-2328).

IMPACT

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

SOLUTION

Check and update your android version

 

REFERENCE

  1. https://source.android.com/security/bulletin/2019-07-01
  2. https://www.bleepingcomputer.com/news/security/july-android-security-update-fixes-four-critical-rce-flaws/
  3. https://www.theregister.co.uk/2019/07/01/july_android_fixes/
  4. https://thehackernews.com/2019/07/android-security-update.html

CREDITS

@Android

DISCLAIMER

The information provided herein is on “as is” basis, without warranty of any kind.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt