Google’s simply-released April 2019 Android security updates cope with 3 faraway code execution flaws affecting devices jogging the cellular OS.
As common, Google’s monthly Android replacement includes two patch ranges that are without delay to be had to Google’s own Pixel devices and have been shared with different Android device makers to distribute to their respective gadgets.
The 2019-04-01 patch degree consists of fixes for 2 important faraway code execution flaws affecting the Media framework. This Android media library was given a lot greater interest after 2015’s Stagefright bugs were discovered to affect all Android gadgets. It precipitated Google to pressure Android providers to deliver protection patches extra rapidly and often.
The Media framework bugs affect Android 7 and up and “may want to allow a far-off attacker using a specially crafted record to execute arbitrary code within the context of a privileged process”, in line with Google’s bulletin.
Samsung notes that its April protection update consists of fixes for the equal Media framework insects, CVE-2019-2027 and CVE-2019-2028. The patch is to be had for Samsung’s flagship Galaxy phones. Huawei likewise delivers Google’s Media framework fixes in its April update for flagship phones.
The final nine flaws are elevation-of-privilege and records-disclosure troubles affecting Android, the worst of which may allow an established malicious app to “execute arbitrary code within the context of a privileged technique”.
The 2nd patch level, 2019-04-05, addresses four flaws in Android itself, including one essential far-flung code execution computer virus and dozens of problems affecting Qualcomm components.
In its 2018 Android protection report, Google highlighted that consumer patching its personal Pixel devices is a large fulfillment. At the top of 2018, over 95 percent of all Pixel 3 and Pixel 3 XL phones in the wild have been running a security update for the beyond 90 days.
The employer also notes that it has labored with toolmakers, cell community operators, and device-on-chip vendors to reinforce the number of Android gadgets receiving normal safety updates. Google says in Q4 2018, it had “eighty-four percent more Android gadgets receiving a safety update than within the equal zone the earlier 12 months”.
Google is also assisting Android tool makers in using a device called SnoopSnitch, advanced through Security Research Labs, whose researchers hire it to find out whether or not devices from main brands are missing patches from a patch stage exhibited to users.
The organization observed that even well-known providers like HTC, Huawei, LG, and Motorola are missing, on average, three to 4 patches from every patch stage, leaving customers misinformed about the state of their devices.