The most severe flaw addressed by Google is a critical security issue (CVE-2019-2106) affecting the Media framework that could be exploited by a remote attacker to execute arbitrary code within the context of a privileged process.
“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” reads the security advisory.
Google addressed the flaw as part of the 2019-07-01 security patch level, it also fixed other 11 vulnerabilities.
Google patched three critical RCE in the Android Media framework (CVE-2019-2106, CVE-2019-2107, CVE-2019-2109). CVE-2019-2106 and CVE-2019-2107 affect all Android releases since 7.0, the CVE-2019-2109 impacts only Android 7.0 to 8.1 iterations.
The fourth Critical vulnerability addressed by Google, tracked as CVE-2019-2111, is a remote code execution flaw that affects the System in Android 9.
“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” continues the advisory.
Google July 2019 security patches for the Android also fixed six High severity issues in
Google also addressed a High severity information disclosure vulnerability (CVE-2019-2104) in Framework and a High severity remote code execution flaw (CVE-2019-2105) in Library.
The 2019-07-05 security patch level addressed a total of 21 flaws in Qualcomm components (2 rated as Critical and 6 as High severity) and Qualcomm closed source components (3 rated as Critical and 10 as High severity).
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.