Google Patches Critical Flaws in Android's System Component

Google this week released its November 2019 set of security patches for Android to address nearly 40 vulnerabilities affecting the platform, including critical flaws in the System component.

The first part of the November 2019 Android Security Bulletin, namely the 2019-11-01 security patch level, resolves a total of 17 flaws in Framework, Library, Media framework, and System.

The most severe of these vulnerabilities is a Critical issue in the System component, which “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google explains.

A total of three Critical flaws were addressed in System, all of which could lead to remote code execution. The first of them (CVE-2019-2204) impacts Android 9, while the other two (CVE-2019-2205 and CVE-2019-2206) impact Android 8.0, 8.1, 9 and 10.

Google this month patched five other flaws in the System component, all rated High severity. Two of these are elevation of privilege bugs, while the other three are information disclosure issues.

A total of six High risk issues were fixed in Framework, namely four elevation of privilege vulnerabilities and two information disclosure bugs. Google also patched a High severity remote code execution flaw in Library and two High risk elevation of privilege issues in the Media framework.

Google also addressed 21 vulnerabilities as part of the 2019-11-05 security patch level, including two High severity Information disclosure flaws in Framework, one High risk elevation of privilege in System, and three High severity elevation of privilege and one Moderate risk information disclosure weaknesses in Kernel components.

Additionally, the 2019-11-05 security patch level includes fixes for three High severity flaws in Qualcomm comp ..