Monday, April 7, 2025
Follow us On Linkedin
HomeAndroidAndroid Security Update - Critical Vulnerabilities Let Hackers Control Your Android Phone...

Android Security Update – Critical Vulnerabilities Let Hackers Control Your Android Phone Remotely

AndroidUncategorized

Published on

By Balaji
Android Security Update – Critical Vulnerabilities Let Hackers Control Your Android Phone Remotely

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Android released new security updates and fixed several vulnerabilities that affected Android devices, and Android partners are notified of all issues.

Android fixed 33 vulnerabilities, in which, 9 vulnerabilities categorized under critical severity and rest of the 24 vulnerabilities are patched under “high” severity.

According to Android release notes, “The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed. “

- Advertisement - Google News

The Vulnerabilities that patched in this update affected various Android components including framework, media framework, library, Qualcomm and its closed-source components.

A critical vulnerability in system and Media Framework let a remote attacker execute the specially crafted file to execute arbitrary code within the context of a privileged process.

 The July Android security updates are also rolling out to the Google Pixel, Pixel XL, and Essential Phone.

Android Security Update

Framework

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2019-2104A-131356202 [2] [3] [4] [5] [6] [7]IDHigh8.0, 8.1, 9

Library

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2019-2105A-116114182RCEHigh7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

Media Framework

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2019-2106A-130023983RCECritical7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2107A-130024844RCECritical7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2109A-130651570*RCECritical7.0, 7.1.1, 7.1.2, 8.0, 8.1

System

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2019-2111A-122856181 [2]RCECritical9
CVE-2019-2112A-117997080EoPHigh8.0, 8.1, 9
CVE-2019-2113A-122597079*EoPHigh9
CVE-2019-2116A-117105007IDHigh7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2117A-124107808IDHigh7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2118A-130161842IDHigh8.0, 8.1, 9
CVE-2019-2119A-131622568IDHigh8.0, 8.1, 9

Qualcomm components

CVEReferencesTypeSeverityComponent
CVE-2019-2308A-129852114
QC-CR#2338800		N/ACriticalDSP_Services
CVE-2019-2330A-129850940
QC-CR#2379952		N/ACriticalKernel
CVE-2019-2276A-130890737
QC-CR#2335974		N/AHighWLAN HOST
CVE-2019-2305A-78530292
QC-CR#2253984		N/AHighWLAN Driver
CVE-2019-2278A-130567114
QC-CR#2345293		N/AHighHLOS
CVE-2019-2307A-129850941
QC-CR#2337425		N/AHighWLAN HOST
CVE-2019-2326A-129850483
QC-CR#2372306 [2]		N/AHighAudio
CVE-2019-2328A-129851238
QC-CR#2375115 [2]		N/AHighAudio

Qualcomm closed-source components

CVEReferencesTypeSeverityComponent
CVE-2019-2254A-122473972*N/ACriticalClosed-source component
CVE-2019-2322A-129766496*N/ACriticalClosed-source component
CVE-2019-2327A-129766125*N/ACriticalClosed-source component
CVE-2019-2235A-122473271*N/AHighClosed-source component
CVE-2019-2236A-122474808*N/AHighClosed-source component
CVE-2019-2237A-122472479*N/AHighClosed-source component
CVE-2019-2238A-122473168*N/AHighClosed-source component
CVE-2019-2239A-122473304*N/AHighClosed-source component
CVE-2019-2240A-122473496*N/AHighClosed-source component
CVE-2019-2241A-122473989*N/AHighClosed-source component
CVE-2019-2253A-129766432*N/AHighClosed-source component
CVE-2019-2334A-129766099*N/AHighClosed-source component
CVE-2019-2346A-129766299*N/AHighClosed-source component

All the Android users are requested to update your phone immediately to apply the latest Android security patch.

To learn how to check a device’s security patch level, see Check and update your Android version.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Also Read:

50,000 times Downloaded Android Horror Game from GooglePlay Steals Google and Facebook Login Credentials

New ViceLeaker Malware Attack on Android Devices With Backdoor Capabilities to Hijack Camera, Record Audio

Hackers Take Complete Control of Your Android Device by Launching MobOk Malware via Fake Photo Editing Apps in Google Play

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

cyber security

Threat Actors Exploit Fake CAPTCHAs and Cloudflare Turnstile to Distribute LegionLoader

In a sophisticated attack targeting individuals searching for PDF documents online, cybercriminals are using...
Cyber Attack

HellCat, Rey, and Grep Groups Dispute Claims in Orange and HighWire Press Cases

SuspectFile.com has uncovered a complex web of overlapping claims and accusations within the cybercrime...
AI

AI Surpasses Elite Red Teams in Crafting Effective Spear Phishing Attacks

In a groundbreaking development in the field of cybersecurity, AI has reached a pivotal...
cyber security

Threat Actors Use Windows Screensaver Files as Malware Delivery Method

Cybersecurity experts at Symantec have uncovered a sophisticated phishing campaign targeting various sectors across...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

Android

Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials

A surge in phishing text messages claiming unpaid tolls has been linked to a...
Android

New Trinda Malware Targets Android Devices by Replacing Phone Numbers During Calls

Kaspersky Lab has uncovered a new version of the Triada Trojan, a sophisticated malware...
Android

New Android Malware “TsarBot” Targeting 750 Banking, Finance & Crypto Apps

A newly identified Android malware, dubbed TsarBot, has emerged as a potent cyber threat...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved