The vulnerabilities affect various Android components, including the Android operating system, framework, library, media framework, as well as Qualcomm components, including closed-source components.
Three of the critical vulnerabilities patched this month reside in Android's Media framework, the most severe of which could allow a remote attacker to execute arbitrary code on a targeted device, within the context of a privileged process, by convincing users into opening a specially crafted malicious file.
"The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed," the company says.
Out of the remaining seven critical vulnerabilities, one affects Android Library, one affects the System, two resides in Qualcomm components (one in DSP_Services and one in Kernel), and three resides in Qualcomm closed-source components.
Besides this, a high-severity flaw (CVE-2019-2104) in the Android Framework could allow an installed malicious app to bypass user interaction requirements in an attempt to gain access to additional permissions.
Six high-severity vulnerabilities addressed in Qualcomm components resides in WLAN Host (CVE-2019-2276, CVE-2019-2307), WLAN Driver (CVE-2019-2305), HLOS (CVE-2019-2278), and Audio (CVE-2019-2326, CVE-2019-2328).
According to the Android security advisory, none of the flaws addressed this month were publicly disclosed or found being exploited in the wild.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Apart from releasing patches for security vulnerabilities, the Android Security Patch for July 2019 also includes fixes for various issues in some of the supported version of Pixel devices.
Pixel smartphone users will get the July updates shortly, while others will have to wait for their Android device manufacturers or service providers to roll out the security patches for their devices.
Users are strongly recommended to download the most recent Android security updates as soon as they are available in order to keep their Android devices protected against any potential attack.