Android Patches 33 New Security Vulnerabilities

 In Security Alerts

SYSTEMS AFFECTED

  • Android devices

THREAT LEVEL

  • High

OVERVIEW

Google has started rolling out this month’s security updates for its mobile operating system platform to address a total of 33 new security vulnerabilities affecting Android devices, 9 of which have been rated critical in severity.

DESCRIPTION

This bulletin has two security patch levels. At the basic 2019-07-01 level, 12 bugs are addressed.

  • Five remote code execution vulnerabilities.
  • Three (CVE-2019-2106, CVE-2019-2107, CVE-2019-2100) in the Android media framework.
  • CVE-2019-2105 is in Android Library
  • CVE-2019-2105 is found in the System.

All would be triggered by opening a specially-crafted file.

  • CVE-2019-2104 in Framework
  • CVE-2019-2116, CVE-2019-2117, CVE-2019-2118 and CVE-2019-2119 in System are for information disclosure bugs.
  • CVE-2019-2112, CVE-2019-2113 are elevation of privilege vulnerabilities.
  • Ten of the closed-source component CVEs were for issues rated as High security risks. this means things like elevation of privilege and information disclosure flaws.
  • Another three were classified as critical, means a remote code execution vulnerability that requires little to no user interaction to exploit.
  • CVE-2019-2308 in DSP Services and CVE-2019-2330 in Kernel were classified as critical.
  • The other six were labeled high severity and were found in WLAN Host

(CVE-2019-2276, CVE-2019-2307), WLAN Driver (CVE-2019-2305), HLOS (CVE-2019-2278), and Audio (CVE-2019-2326, CVE- 2019-2328).

IMPACT

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

SOLUTION

Check and update your android version

REFERENCE

  1. https://source.android.com/security/bulletin/2019-07-01
  2. https://www.bleepingcomputer.com/news/security/july-android-security-update-fixes-four-critical-rce-flaws/
  3. https://www.theregister.co.uk/2019/07/01/july_android_fixes/
  4. https://thehackernews.com/2019/07/android-security-update.html

CREDITS

@Android

DISCLAIMER

The information provided herein is on “as is” basis, without warranty of any kind.

Recent Posts

Leave a Comment