Google addressed three critical code execution flaws in Android Media Framework

Pierluigi Paganini July 03, 2019

Google released the July 2019 security patches for the Android OS that address a total of 33 vulnerabilities, including 9 issues rated as Critical.

The most severe flaw addressed by Google is a critical security issue (CVE-2019-2106) affecting the Media framework that could be exploited by a remote attacker to execute arbitrary code within the context of a privileged process.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” reads the security advisory.

Google addressed the flaw as part of the 2019-07-01 security patch level, it also fixed other 11 vulnerabilities.

Google patched three critical RCE in the Android Media framework (CVE-2019-2106, CVE-2019-2107, CVE-2019-2109). CVE-2019-2106 and CVE-2019-2107 affect all Android releases since 7.0, the CVE-2019-2109 impacts only Android 7.0 to 8.1 iterations.

The fourth Critical vulnerability addressed by Google, tracked as CVE-2019-2111, is a remote code execution flaw that affects the System in Android 9.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” continues the advisory.

Google July 2019 security patches for the Android also fixed six High severity issues in System. Four issues are information disclosure vulnerabilities (CVE-2019-2116, CVE-2019-2117, CVE-2019-2118, and CVE-2019-2119), the other two flaws are elevation of privilege bugs (CVE-2019-2112 and CVE-2019-2113).

Google also addressed a High severity information disclosure vulnerability (CVE-2019-2104) in Framework and a High severity remote code execution flaw (CVE-2019-2105) in Library.

The 2019-07-05 security patch level addressed a total of 21 flaws in Qualcomm components (2 rated as Critical and 6 as High severity) and Qualcomm closed source components (3 rated as Critical and 10 as High severity).

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Google, Android)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment