Google in the Android Open Source Project (AOSP) patched three critical remote code execution vulnerabilities in the Media framework and another RCE flaw in the Android system as a part of its July 2019 security patch.
The July 2019 patch also fixed 33 other vulnerabilities in the Android system, framework, library, media framework, Qualcomm components, and Qualcomm closed-source components.
Four RCE vulnerabilities
The most critical of these RCE security flaws is a vulnerability in the Media framework that could allow an attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
According to the July 2019 Android Security Bulletin, there were no reports of active exploitation or abuse of these vulnerabilities.
Two privilege escalation flaws
Two privilege escalation flaws in the Android system were patched in the July 2019 security patch.
Other security flaws
The other 31 vulnerabilities patched in this security update include information disclosure impacting the Android system, framework, library, media framework, Qualcomm components, and Qualcomm closed-source components.
“Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin,” the security bulletin read.
Publisher