Google has released July months security update addressing 33 vulnerabilities in Android, in which 9 of them rated as critical.
A total of 33 vulnerabilities were patched in the Android security bulletin 2019, out of which 9 were rated as critical and 24 as high severity.
The vulnerabilities affect Android components such as framework, library, Qualcomm and its closed source components.
“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”
Three of the most severe flaws lie in Android Media framework which could allow a remote attacker to execute arbitrary code in the device within the context of a privileged process using a specially crafted file.
The CVE-2019-2111 flaw residing in the system could also allow remote arbitrary code execution in the targeted device.
Out of the remaining critical flaws, 2 affects Qualcomm components and 3 affects Qualcomm source closed components.
The CVE-2019-2104 flaw rated as high severity in the Android framework could allow the local malicious application to bypass user interaction requirements in order to gain access to additional permissions.
According to the security advisory, they did not find any evidence of exploitation or abuse of these patched flaws.
Google has also released fixes for various issues in Google Pixel devices.
All users are advised to update their Android devices as soon as they are available. For more details regarding flaws and update, you can visit here.
You may be interested in reading: New GandCrab Ransomware Campaign Targets MySQL Servers on Windows