Android released new security updates and fixed several vulnerabilities that affected Android devices, and Android partners are notified of all issues.
Android fixed 33 vulnerabilities, in which, 9 vulnerabilities categorized under critical severity and rest of the 24 vulnerabilities are patched under “high” severity.
According to Android release notes, “The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed. “
The Vulnerabilities that patched in this update affected various Android components including framework, media framework, library, Qualcomm and its closed-source components.
A critical vulnerability in system and Media Framework let a remote attacker execute the specially crafted file to execute arbitrary code within the context of a privileged process.
The July Android security updates are also rolling out to the Google Pixel, Pixel XL, and Essential Phone.
Android Security Update
Framework
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2019-2104 | A-131356202 [2] [3] [4] [5] [6] [7] | ID | High | 8.0, 8.1, 9 |
Library
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2019-2105 | A-116114182 | RCE | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
Media Framework
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2019-2106 | A-130023983 | RCE | Critical | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2019-2107 | A-130024844 | RCE | Critical | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2019-2109 | A-130651570* | RCE | Critical | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
System
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2019-2111 | A-122856181 [2] | RCE | Critical | 9 |
| CVE-2019-2112 | A-117997080 | EoP | High | 8.0, 8.1, 9 |
| CVE-2019-2113 | A-122597079* | EoP | High | 9 |
| CVE-2019-2116 | A-117105007 | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2019-2117 | A-124107808 | ID | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 |
| CVE-2019-2118 | A-130161842 | ID | High | 8.0, 8.1, 9 |
| CVE-2019-2119 | A-131622568 | ID | High | 8.0, 8.1, 9 |
Qualcomm components
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2019-2308 | A-129852114 QC-CR#2338800 | N/A | Critical | DSP_Services |
| CVE-2019-2330 | A-129850940 QC-CR#2379952 | N/A | Critical | Kernel |
| CVE-2019-2276 | A-130890737 QC-CR#2335974 | N/A | High | WLAN HOST |
| CVE-2019-2305 | A-78530292 QC-CR#2253984 | N/A | High | WLAN Driver |
| CVE-2019-2278 | A-130567114 QC-CR#2345293 | N/A | High | HLOS |
| CVE-2019-2307 | A-129850941 QC-CR#2337425 | N/A | High | WLAN HOST |
| CVE-2019-2326 | A-129850483 QC-CR#2372306 [2] | N/A | High | Audio |
| CVE-2019-2328 | A-129851238 QC-CR#2375115 [2] | N/A | High | Audio |
Qualcomm closed-source components
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2019-2254 | A-122473972* | N/A | Critical | Closed-source component |
| CVE-2019-2322 | A-129766496* | N/A | Critical | Closed-source component |
| CVE-2019-2327 | A-129766125* | N/A | Critical | Closed-source component |
| CVE-2019-2235 | A-122473271* | N/A | High | Closed-source component |
| CVE-2019-2236 | A-122474808* | N/A | High | Closed-source component |
| CVE-2019-2237 | A-122472479* | N/A | High | Closed-source component |
| CVE-2019-2238 | A-122473168* | N/A | High | Closed-source component |
| CVE-2019-2239 | A-122473304* | N/A | High | Closed-source component |
| CVE-2019-2240 | A-122473496* | N/A | High | Closed-source component |
| CVE-2019-2241 | A-122473989* | N/A | High | Closed-source component |
| CVE-2019-2253 | A-129766432* | N/A | High | Closed-source component |
| CVE-2019-2334 | A-129766099* | N/A | High | Closed-source component |
| CVE-2019-2346 | A-129766299* | N/A | High | Closed-source component |
All the Android users are requested to update your phone immediately to apply the latest Android security patch.
To learn how to check a device’s security patch level, see Check and update your Android version.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.
