(Image by Prayad Kosasaeng/Pixabay)
Google has rolled out the Android Security Patch for July 2018 including the 2018-07-01 and 2018-07-05 and is now available worldwide, at least for Pixel and Nexus users. The ones intended for smartphones running on Android will be released over the next few days.
The source code patches for security issues are now available at the Android Open Source Project.
Google said in its security bulletin that the most “severe” of the issues “is critical security vulnerability in Media framework” because it could allow a remote attacker to use a “specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”
The security patch addresses 44 vulnerabilities while 26 additional patches are specifically for Pixel and Nexus users. The vulnerabilities are found in Android’s essential components, which include Framework, Kernel, Media Framework, and Qualcomm components and Qualcomm closed-source components.
According to the security bulletin, “The component is also a factor in how users get updates. A bug in the framework or kernel will require an over-the-air (OTA) firmware update that each OEM will need to push. A bug in an app or library published in Google Play (e.g., Gmail, Google Play Services, WebView in Lollipop and later versions) can be sent to Android users as an update from Google Play.”
Google explained that the two security patch levels allow Android users “to fix a subset of vulnerabilities that are similar across all Android devices more quickly.”
Users can update their systems over-the-air (OTA), which may sometimes come from original equipment manufacturers.
The Android security team also looked into security bugs to help them find ways to protect users. Google Play now scans all applications and will immediately delete that it thinks will exploit the bug. The Verify Apps feature will help users determine if the apps installed outside of Google Play are safe to use.