Google Patches Critical Remote Code Execution Bugs in July Android Security Update
Jul. 8, 2018Google released the ‘July Security Update‘ for Android devices earlier this month, which tackles a total of 44 vulnerabilities in the operating system.
According to the July Security Bulletin, most of these 44 vulnerabilities were rated as high in severity. This update haspatched 11 critical exploits in the mobile OS, where the most severe of them all was a critical security vulnerability in the Android OS Media framework. If this vulnerability was exploited, a remote attacker could have used a“specially-crafted file to execute arbitrary code within the context of a privileged process,”says Google.
This was one of the five critical remote code execution (RCE) vulnerabilities found in the Android operating system. Google says that such exploits were discovered all across the platform, impacting the system, Media Framework (as we talked above), and the overall framework of Android. Further, the blog post added,
Note: If you’re unaware, PAC files are simple text files with JavaScript code that defines how web browsers can automatically choose the appropriate proxy server to fetch a URL. The attacker can use the same to instruct the browser to forward your traffic to a proxy server.
The July Security patch was rolled out to Google’s Pixel and Nexus devices at the start of this month, along with the Essential Phone PH-1. Other Android makers such as Samsung, Nokia and others are expected to follow suit in the coming days or weeks, depending on their timeline.
