Android Security Bulletin—June 2019

[harlan4096]

Android Security Bulletin—June 2019:

Published June 3, 2019

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-06-05 or higher address all of these issues. To learn how to check a device's security patch level, see How to check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.

The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google service mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

Note: Information on the latest over-the-air (OTA) update and firmware images for Google devices is available in the June 2019 Pixel Update Bulletin.

Continue Reading