A severe media framework security vulnerability that affected many Android devices put them at risk of being meddled with by outside malicious attackers who inject foreign files into the system to carry out their own commands in the command queue of an integral and privileged system process. It did not take Android a consumer complaint lodging to roll out this update. It was discovered by the operating systems developers during an in-depth system security and framework analysis, and the update to patch the vulnerability was sent out in the July Android security update, recently, to resolve the concern before any attacker takes advantage of the vulnerability posed. As we expect older models of phones to stop receiving updates, to the surprise of many, the Samsung Galaxy S5 , which was released just over 4 years ago on the 11th of April, 2014, was included as a part of this integral Android update.
To mitigate the consequences, Android has undertaken two primary objectives. The first allows the company’s security team to strictly filter through and black list any applications on the Google Play Store that could possibly harm device systems or carry out any malicious activity; Google Play Protect works to ensure this. The second mitigative action is the Android update that google has released for its devices including the flagship Samsung Galaxy S5. The vulnerabilities in this update could allow for an outsider to gain unauthorized access to the device’s framework, media framework, and system to carry out unwarranted processes that could steal the user’s data or damage the system. This update resolves two framework vulnerabilities that risk this, as well as five media framework vulnerabilities, and four system vulnerabilities. All of the vulnerabilities were marked as critical or high in severity and so this update was considered mandatory for older devices that are still in use as well. Details regarding the bugs’ identification information, test codes, and source code packages have been made available on the Android Open Source Project website in the Android Security Bulletin for July 2018.
The July Update for Android was released in two patches: 2018-07-01 and 2018-07-05 which combined to mend many loopholes in the system and kernel components. These updates resolved as many as 43 high to critical grade security vulnerabilities, some of which were known to specifically impact Qualcomm components in the device.