Against the backdrop of news about the HummingBad malware infecting Android devices, Google has released their monthly security update for July. The latest batch of patches addresses over 100 issues, many of them in Android’s own components, along with manufacturer’s chipset specific drivers.
One of the big targets of the update is the Android mediaserver component. That portion of the system handles video and audio stream processing. The patch fixes at least 16 vulnerabilities in that component, including at least 7 critical flaws that could be used to execute code with higher privileges. Another major vulnerability that was addressed involves the OpenSSL and BoringSSL crypto libraries.
Given the breadth of the issues addressed in this month’s update, Google split the updates into two parts. One part applies to all Android devices while the other one includes patches for specific chipsets. The general update was released first and carries a date of July 1. It fixes 32 vulnerabilities including 8 that were rated critical, 15 rated high severity and 9 rated moderate.
To get the patches rolling out to users, Google has released firmware updates for all supported Nexus devices. The patches should be hitting the Android Open Source Project over the next couple days and manufacturers were notified about a month ago so they could start to prepare their own device updates.