Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google addressed three critical code execution flaws in Android Media Framework

Google released the July 2019 security patches for the Android OS that address a total of 33 vulnerabilities, including 9 issues rated as Critical. The most severe flaw addressed by Google is a critical security issue (CVE-2019-2106) affecting the Media framework that could be exploited by a remote attacker to execute arbitrary code within the […]

Wi-Fi

Google released the July 2019 security patches for the Android OS that address a total of 33 vulnerabilities, including 9 issues rated as Critical.

The most severe flaw addressed by Google is a critical security issue (CVE-2019-2106) affecting the Media framework that could be exploited by a remote attacker to execute arbitrary code within the context of a privileged process.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” reads the security advisory.

Google addressed the flaw as part of the 2019-07-01 security patch level, it also fixed other 11 vulnerabilities.

Google patched three critical RCE in the Android Media framework (CVE-2019-2106, CVE-2019-2107, CVE-2019-2109). CVE-2019-2106 and CVE-2019-2107 affect all Android releases since 7.0, the CVE-2019-2109 impacts only Android 7.0 to 8.1 iterations.

The fourth Critical vulnerability addressed by Google, tracked as CVE-2019-2111, is a remote code execution flaw that affects the System in Android 9.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” continues the advisory.

Google July 2019 security patches for the Android also fixed six High severity issues in System. Four issues are information disclosure vulnerabilities (CVE-2019-2116, CVE-2019-2117, CVE-2019-2118, and CVE-2019-2119), the other two flaws are elevation of privilege bugs (CVE-2019-2112 and CVE-2019-2113).

Google also addressed a High severity information disclosure vulnerability (CVE-2019-2104) in Framework and a High severity remote code execution flaw (CVE-2019-2105) in Library.

The 2019-07-05 security patch level addressed a total of 21 flaws in Qualcomm components (2 rated as Critical and 6 as High severity) and Qualcomm closed source components (3 rated as Critical and 10 as High severity).

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Google, Android)

[adrotate banner=”5″]

[adrotate banner=”13″]