Patch Android! June 2019 update fixes eight critical flaws


Unbeknown to most users, devices running supported versions of Android are supposed to get small amounts of new software every month, mostly security updates.

Unfortunately, as we pointed out in May, when and whether that happens is a matter of whim for each device’s manufacturer.

Updates for Google’s Pixel smartphones will arrive sometime this week – covering functional issues as well as security patches.

But if your device is made by another vendor, June’s Android patches could turn up any time from next month to some point later this year.

Given that June’s two patch levels (2019-06-01 and 2019-06-05) comprise only 13 CVEs plus another 9 from Qualcomm, this might not sound like that big a loss.

But if the same device is also missing previous updates, as many will be, the number of missing patches rises to dozens.

Amplifying the update confusion is Android’s version fragmentation, which gave Apple CEO Tim Cook cause to gloat when he mentioned at this week’s WWDC 2019 conference that the newest version of Android is still only running on 10% of Google’s mobile devices compared to 85% of iPhones running the latest iOS.

June patches

Despite the modest vulnerability count, the fact that 8 are marked ‘critical’ and 14 ‘high’ is good enough reason to want them as soon as possible, with 2 of the criticals (CVE-2019-2094 and CVE-2019-2095) affecting only version 9.

Seven are elevation of privilege (EoP), four are remote code execution (RCE), leaving the remaining flaws without designation.

By policy, Google doesn’t furnish much detail on individual flaws, but does mention that the most serious of this month’s vulnerabilities is in media framework which might allow:

A remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Meanwhile, CVE-2019-2097 in the Android system could:

Enable a remote attacker using a specially crafted PAC file to execute arbitrary code within the context of a privileged process.

Luckily, the advisory continues, Google has had no reports that any of the serious flaws are being exploited.

What to do

Anyone looking to understand the difference between Android’s two patching levels should read the explanation we offered as part of April’s Android patch coverage.

Individual vendors often publish their own advisories that often offer clearer information than Google’s official Android updates. For instance, here are the June 2019 updates for Samsung, Nokia, Motorola, LG, and Huawei.

Products You May Like

Articles You May Like

Samsung Galaxy Note 10+ review
Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps
Porsche packs the power into its newest Cayenne plug-in hybrids
How To Help Your Kids Manage Our ‘Culture of Likes’
Certificate Giant Slams Plan to Shorten HTTPS Lifespans

Leave a Reply

Your email address will not be published. Required fields are marked *