Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Google Patches Critical Vulnerabilities in Android’s Media Framework

Google has released its April 2019 set of security patches for the Android platform, which fixes three Critical vulnerabilities, including two that affect the Media framework component. 

Google has released its April 2019 set of security patches for the Android platform, which fixes three Critical vulnerabilities, including two that affect the Media framework component. 

Tracked as CVE-2019-2027 and CVE-2019-2028, the two security flaws could be exploited remotely by attackers to execute code on vulnerable devices. Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9 are impacted. 

“The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google’s advisory reads

Both bugs were addressed as part of the 2019-04-01 security patch level, along with one High severity flaw (elevation of privilege) in Framework and 8 High risk issues in System (5 elevation of privilege and 3 information disclosure). 

The second part of this month’s security fixes, included in the 2019-04-05 security patch level, addresses over 75 vulnerabilities in System and open and closed-source Qualcomm components.

The first of the four issues patched in System is a Critical remote code execution bug that impacts Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9, the same as the flaws in Media framework. The remaining three are High risk bugs (2 elevation of privilege and 1 information disclosure).

Another Critical vulnerability was addressed in Qualcomm components, along with 29 other High severity flaws. Of the 30 bugs, 29 impact WLAN HOST, and only one affects Kernel. 

Of the 44 vulnerabilities patched in Qualcomm closed-source components, 6 were rated Critical and 38 were rated High severity. 

Advertisement. Scroll to continue reading.

No Pixel security fixes were included in the April 2019 Pixel Update Bulletin, but Google did release some functional patches for Pixel devices, to improve the functionality of assistant, Wi-Fi connectivity, and display functionality of Pixel 3 and Pixel 3 XL, and Bluetooth connectivity on Pixel and Pixel XL.

Related: Android Q Brings New Privacy and Security Features

Related: 18,000 Android Apps Violate Google’s Ad ID Policies: Analysis

Related: Google Patches Critical Vulnerability in Android

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.