Google’s simply-released April 2019 Android security updates cope with 3 faraway code execution flaws affecting devices jogging the cellular OS.
As common, Google’s monthly Android replace includes two patch ranges that are without delay to be had to Google’s own Pixel devices and have been shared with different Android device makers to distribute to their respective gadgets.
The 2019-04-01 patch degree consists of fixes for 2 important faraway code execution flaws affecting the Media framework, the Android media library that was given a lot greater interest after 2015’s Stagefright bugs have been discovered to have an effect on truly all Android gadgets and precipitated Google to pressure Android providers to deliver protection patches extra rapidly and often.
The Media framework bugs have an effect on Android 7 and up and “may want to allow a far off attacker using a specially crafted record to execute arbitrary code within the context of a privileged process”, in line with Google’s bulletin.
Samsung notes that its April protection update consists of fixes for the equal Media framework insects, CVE-2019-2027 and CVE-2019-2028. The patch is to be had for Samsung’s flagship Galaxy phones. Huawei is likewise delivering Google’s Media framework fixes in its April update for flagship phones.
The final nine flaws are elevation-of-privilege, and records-disclosure troubles affecting Android, the worst of that may allow an established malicious app to “execute arbitrary code within the context of a privileged technique”.
The 2nd patch level, 2019-04-05, addresses four flaws in Android itself, including one essential far-flung code execution computer virus, as well as dozens of problems affecting Qualcomm components.
Google highlighted this week in its 2018 Android protection report that stop-consumer patching of its personal Pixel devices is a large fulfilment. At the stop of 2018, over 95 per cent of all Pixel 3 and Pixel 3 XL phones within the wild were running a security update from the beyond 90 days.
The employer also notes that it has laboured with toolmakers, cell community operators, and device-on-chip vendors to reinforce the number of Android gadgets receiving normal safety updates. Google says in Q4 2018, it had “eighty-four percentage more Android gadgets receiving a safety update than within the equal zone the earlier 12 months”.
Google is also assisting Android tool makers in using a device called SnoopSnitch, advanced through Security Research Labs, whose researchers hire it to find out whether or not devices from main brands are missing patches from a patch stage exhibited to users.
The organization observed that even well-known providers like HTC, Huawei, LG, and Motorola are missing on average three to 4 patches from every patch stage, leaving customers misinformed approximately the state of their device.
