Patch Android! July 2019 update fixes 9 critical flaws – Naked Security
Depending on when users receive it, this week’s Android July 2019 patch update will fix 33 security vulnerabilities, including 9 marked critical, and 24 marked high.
If you own a Google Pixel device, that will be within a day or two, leaving everybody else on the 2019-07-01 and 2019-07-05 patch levels (what these dates mean is explained here) running Android 7, 8 or 9 to wait anything from weeks to months to catch up.
As usual, July’s batch of fixes covers flaws in significant parts of Android, including system, framework, library, and Qualcomm’s numerous components, including closed-source software.
However, as has been the case for some months, it’s the media framework that provides a disproportionate amount of the patching action in the form of three remote code execution (RCE) bugs marked critical.
These are CVE-2019-2107, CVE-2019-2106 (affecting Android 7 and 8), and CVE-2019-2109 (which only affects Android 9).
Another RCE critical is CVE-2019-2111 in the Android system, with the remaining critical flaws all connected to Qualcomm’s closed-source components.