{"id":6162,"date":"2019-07-05T14:34:32","date_gmt":"2019-07-05T14:34:32","guid":{"rendered":"https:\/\/gtechbooster.com\/?p=6162"},"modified":"2023-04-01T01:36:51","modified_gmt":"2023-04-01T01:36:51","slug":"google-android-july-security-bulletin-fixes-3-critical-rce-bugs","status":"publish","type":"post","link":"https:\/\/gtechbooster.com\/google-android-july-security-bulletin-fixes-3-critical-rce-bugs\/","title":{"rendered":"Google Android July Security Bulletin Fixes 3 Critical RCE Bugs"},"content":{"rendered":"\n

Google has released fixes for three critical remote code execution \nbugs in the media framework of its Android operating system. These flaws\n could allow a remote attacker to execute arbitrary code.<\/p>\n\n\n\n

\"\"<\/a><\/div><\/div>

The flaws are part of Google\u2019s July Android Security Bulletin, which \nincluded fixes for 12 critical and high-severity vulnerabilities. For \nits part, Qualcomm, whose chips are used in Android devices, also \npatched 21 vulnerabilities, according to the bulletin.<\/p>\n\n\n\n

\u201cThe most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,\u201d <\/p> according to Android\u2019s Monday security bulletin<\/a>. <\/cite><\/blockquote>\n\n\n\n

These three critical flaws (CVE-2019-2106, CVE-2019-2107, \nCVE-2019-2109) exist in Android\u2019s Media framework. This framework \nincludes support for playing variety of common media types, so that \nusers can easily utilize audio, video and images.<\/p>\n\n\n\n

The flaws \u201ccould enable a remote attacker using a specially crafted \nfile to execute arbitrary code within the context of a privileged \nprocess\u201d according to Google.<\/p>\n\n\n\n

Another critical vulnerability (CVE-2019-2111) also exists in the \nAndroid operating system. The critical remote code execution flaw could \nallow a remote attacker using a specially crafted file to execute \narbitrary code, according to the advisory.<\/p>\n\n\n\n

Overall, the operating system had six other high-severity \nvulnerabilities, including four information disclosure flaws \n(CVE-2019-2116, CVE-2019-2117, CVE-2019-2118, CVE-2019-2119) and two \nelevation of privilege flaws (CVE-2019-2112, CVE-2019-2113).<\/p>\n\n\n\n

Also patched was a high severity information disclosure flaw \n(CVE-2019-2104) in the Android framework, and a high-severity remote \ncode execution vulnerability (CVE-2019-2105) in the Android library.<\/p>\n\n\n\n

Qualcomm Patches<\/h2>\n\n\n\n

Google also patched 21 CVEs related to Qualcomm components<\/a>,\n which are used in Android devices. Included are a slew of \nvulnerabilities impacting various Qualcomm components, including kernel,\n audio and closed-source components. These include five critical \nseverity vulnerabilities and 16 high-severity flaws.<\/p>\n\n\n\n

Google said there are no reports of the vulnerabilities being actively exploited.<\/p>\n\n\n\n

Manufacturer Updates<\/h2>\n\n\n\n

Manufacturers of Android devices push out their own patches to \naddress the July updates in tandem with or after the Google Security \nBulletin.<\/p>\n\n\n\n

LG issued a security update addressing patches released by Google, \nincluding all critical flaws. \u201cLG recommends all users update their \ndevices to the latest SW,\u201d according to the release<\/a>. \u201cAll SW updates include all the available security patches at the moment of release.\u201d<\/p>\n\n\n\n

Samsung said in a security alert<\/a>\n it is releasing a maintenance release for major flagship models as part\n of monthly Security Maintenance Release (SMR) process \u2013 including \npatches from Google.<\/p>\n\n\n\n

In an online statement<\/a>, Nokia said: \u201c[Nokia owner] HMD Global is delivering the latest Security Patches to your Android smartphone as quickly as possible. However, there are several factors which may affect the date you actually receive an update. These factors include device model, region, location, operator approvals, and Google\u2019s Security Patch Monthly Release announcement. Security Patches are also sometimes included with Maintenance Releases.\u201d<\/p>\n\n\n\n

More Information<\/h2>\n\n\n\n