Android Security Update – Critical Vulnerabilities Let Hackers Control Your Android Phone Remotely

Android released new security updates and fixed several vulnerabilities that affected Android devices, and Android partners are notified of all issues.

Android fixed 33 vulnerabilities, in which, 9 vulnerabilities categorized under critical severity and rest of the 24 vulnerabilities are patched under “high” severity.

According to Android release notes, “The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed. “

The Vulnerabilities that patched in this update affected various Android components including framework, media framework, library, Qualcomm and its closed-source components.

A critical vulnerability in system and Media Framework let a remote attacker execute the specially crafted file to execute arbitrary code within the context of a privileged process.

The July Android security updates are also rolling out to the Google Pixel, Pixel XL, and Essential Phone.

Framework

CVE	References	Type	Severity	Updated AOSP versions
CVE-2019-2104	A-131356202 [2] [3] [4] [5] [6] [7]	ID	High	8.0, 8.1, 9

Library

CVE	References	Type	Severity	Updated AOSP versions
CVE-2019-2105	A-116114182	RCE	High	7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

Media Framework

CVE	References	Type	Severity	Updated AOSP versions
CVE-2019-2106	A-130023983	RCE	Critical	7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2107	A-130024844	RCE	Critical	7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2109	A-130651570*	RCE	Critical	7.0, 7.1.1, 7.1.2, 8.0, 8.1

System

CVE	References	Type	Severity	Updated AOSP versions
CVE-2019-2111	A-122856181 [2]	RCE	Critical	9
CVE-2019-2112	A-117997080	EoP	High	8.0, 8.1, 9
CVE-2019-2113	A-122597079*	EoP	High	9
CVE-2019-2116	A-117105007	ID	High	7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2117	A-124107808	ID	High	7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2118	A-130161842	ID	High	8.0, 8.1, 9
CVE-2019-2119	A-131622568	ID	High	8.0, 8.1, 9

Qualcomm components

CVE	References	Type	Severity	Component
CVE-2019-2308	A-129852114 QC-CR#2338800	N/A	Critical	DSP_Services
CVE-2019-2330	A-129850940 QC-CR#2379952	N/A	Critical	Kernel
CVE-2019-2276	A-130890737 QC-CR#2335974	N/A	High	WLAN HOST
CVE-2019-2305	A-78530292 QC-CR#2253984	N/A	High	WLAN Driver
CVE-2019-2278	A-130567114 QC-CR#2345293	N/A	High	HLOS
CVE-2019-2307	A-129850941 QC-CR#2337425	N/A	High	WLAN HOST
CVE-2019-2326	A-129850483 QC-CR#2372306 [2]	N/A	High	Audio
CVE-2019-2328	A-129851238 QC-CR#2375115 [2]	N/A	High	Audio

Qualcomm closed-source components

CVE	References	Type	Severity	Component
CVE-2019-2254	A-122473972*	N/A	Critical	Closed-source component
CVE-2019-2322	A-129766496*	N/A	Critical	Closed-source component
CVE-2019-2327	A-129766125*	N/A	Critical	Closed-source component
CVE-2019-2235	A-122473271*	N/A	High	Closed-source component
CVE-2019-2236	A-122474808*	N/A	High	Closed-source component
CVE-2019-2237	A-122472479*	N/A	High	Closed-source component
CVE-2019-2238	A-122473168*	N/A	High	Closed-source component
CVE-2019-2239	A-122473304*	N/A	High	Closed-source component
CVE-2019-2240	A-122473496*	N/A	High	Closed-source component
CVE-2019-2241	A-122473989*	N/A	High	Closed-source component
CVE-2019-2253	A-129766432*	N/A	High	Closed-source component
CVE-2019-2334	A-129766099*	N/A	High	Closed-source component
CVE-2019-2346	A-129766299*	N/A	High	Closed-source component