The July security patch is widely rolling out today following some Pixel 3a and Pixel 3a XL units receiving a Googler-only OTA two weeks ago. It features the usual collection of bug fixes, with factory images and OTAs now available.
There are 12 issues resolved in the July security patch dated 2019-07-01 and 21 for 2019-07-05. Vulnerabilities range from high to critical, with the most severe relating to the media framework and a remote attacker possibly executing arbitrary code through a crafted file.
In the Android Security & Privacy 2018 Year in Review, Google notes that “no critical security vulnerabilities affecting the Android platform were publicly disclosed without a security update or mitigation available for Android devices.” Additionally, there was an 84% year-over-year jump in security patches during Q4 2018 compared to the prior year.
According to Google, there were “no reports of active customer exploitation or abuse of these newly reported issues.”
The dedicated bulletin for Google’s phones and tablets lists no additional security fixes and five functional updates. This patch “improves ‘OK Google’ and music detection” on the Pixel 2 and up, while all phones benefit from improved Unicode Japanese language support.
The Pixel 3 and Pixel 3a sees a fix for “some devices getting stuck during boot,” as well as “some devices getting stuck in EDL mode with a blank screen.” Lastly, there are performance improvements for the Titan M module.
- Pixel 3a XL: Android 9.0 — PQ3B.190705.003 — Factory Image — OTA
- Pixel 3a: Android 9.0 — PQ3B.190705.003 — Factory Image — OTA
- Pixel 3 XL: Android 9.0 — PQ3A.190705.003 — Factory Image — OTA
- Pixel 3: Android 9.0 — PQ3A.190705.003 — Factory Image — OTA
- Pixel 2 XL: Android 9.0 — PQ3A.190705.001 — Factory Image — OTA
- Pixel 2: Android 9.0 — PQ3A.190705.001 — Factory Image — OTA
- Pixel XL: Android 9.0 —PQ3A.190705.001 — Factory Image — OTA
- Pixel: Android 9.0 — PQ3A.190705.001 — Factory Image — OTA