- Android devices
Google has started rolling out this month’s security updates for its mobile operating system platform to address a total of 33 new security vulnerabilities affecting Android devices, 9 of which have been rated critical in severity.
This bulletin has two security patch levels. At the basic 2019-07-01 level, 12 bugs are addressed.
- Five remote code execution vulnerabilities.
- Three (CVE-2019-2106, CVE-2019-2107, CVE-2019-2100) in the Android media framework.
- CVE-2019-2105 is in Android Library
- CVE-2019-2105 is found in the System.
All would be triggered by opening a specially-crafted file.
- CVE-2019-2104 in Framework
- CVE-2019-2116, CVE-2019-2117, CVE-2019-2118 and CVE-2019-2119 in System are for information disclosure bugs.
- CVE-2019-2112, CVE-2019-2113 are elevation of privilege vulnerabilities.
- Ten of the closed-source component CVEs were for issues rated as High security risks. this means things like elevation of privilege and information disclosure flaws.
- Another three were classified as critical, means a remote code execution vulnerability that requires little to no user interaction to exploit.
- CVE-2019-2308 in DSP Services and CVE-2019-2330 in Kernel were classified as critical.
- The other six were labeled high severity and were found in WLAN Host
(CVE-2019-2276, CVE-2019-2307), WLAN Driver (CVE-2019-2305), HLOS (CVE-2019-2278), and Audio (CVE-2019-2326, CVE- 2019-2328).
The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
Check and update your android version
The information provided herein is on “as is” basis, without warranty of any kind.