The most severe flaw addressed by Google is a critical security issue (CVE-2019-2106) affecting the Media framework that could be exploited by a remote attacker to execute arbitrary code within the context of a privileged process.
“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” reads the security advisory.
Google addressed the flaw as part of the 2019-07-01 security patch level, it also fixed other 11 vulnerabilities.
Google patched three critical RCE in the Android Media framework (CVE-2019-2106, CVE-2019-2107, CVE-2019-2109). CVE-2019-2106 and CVE-2019-2107 affect all Android releases since 7.0, the CVE-2019-2109 impacts only Android 7.0 to 8.1 iterations.
The fourth Critical vulnerability addressed by Google, tracked as CVE-2019-2111, is a remote code execution flaw that affects the System in Android 9.
“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” continues the advisory.
Google July 2019 security patches for the Android also fixed six High severity issues in
Google also addressed a High severity information disclosure vulnerability (CVE-2019-2104) in Framework and a High severity remote code execution flaw (CVE-2019-2105) in Library.
The 2019-07-05 security patch level addressed a total of 21 flaws in Qualcomm components (2 rated as Critical and 6 as High severity) and Qualcomm closed source components (3 rated as Critical and 10 as High severity).