Recently the tech giant Google released a huge security bulletin describing the 108 security vulnerabilities in its Android Operating System. As the tech giant, Google has provided a detailed breakdown on the android security bulletin website.
Hence, the corrections were divided by the tech giant Google into two levels, the first separation hotfix on two levels required to provide a more flexible process to control the patch delivery to end-user devices.
The first level addresses the vulnerabilities directly to the Android Operating System, as the tech giant, Google fixed 7 critical RCE vulnerabilities that allow remote execution of arbitrary code where Mediaserver component found. An attacker can get complete control over the vulnerable device and can activate it via browsing the Internet, MMS, or read the email message, viewing of video files. Another critical vulnerability related to OpenSSL and BoringSSL can also be activated with a specially crafted file.
Other fixed vulnerabilities can allow substantially increase privileges on the Android Operating System and can also get access to the potentially sensitive information. As the security bugs are present in different libraries, services, and implementation of Bluetooth Framework API.
The second level of the update contains the fixes that are specific to the particular device manufacturers such as Nexus, Pixel, Android One. It is in most cases, privilege elevation vulnerability present in Qualcomm drivers, the NVIDIA and the MediaTek, as hardware to driver components and some bugs are also found in the OS kernel.
According to the sources, tech giant Samsung is the only OEM that has rolled out the July Security Bulletin even before the tech giant Google officially rolls it out to its Nexus and Android One series. Moreover, there is currently no information available on the active exploitation of the vulnerabilities patched by the hackers.