Google is rolling out its largest security patch for Android, fixing over a hundredvulnerabilities in the operating system, including patchesfor the infamous Qualcomm-related flaws. The search giant has split this month's security update in two parts: one fixes 33 flaws that affect all of Android devices, and another brings patches to 75 driver- and device-specific vulnerabilities.

This is the first time we are seeing Google dividing the monthly update in two parts, and that has a good reason behind it. In the past weeks, we have seen a number of device and driver specific vulnerabilities, affecting some devices, and the two-part Android security release is designed to ensure speedy delivery across all devices. "This bulletin has two security patch level strings in order to provide Android partners with the flexibility to move more quickly to fix a subset of vulnerabilities that are similar across all Android devices," Google saidin its July Android securitybulletin.

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

A Huge number of flaws fixed in the July Android security patch

The July update brings fixes for a total number of 108 vulnerabilities, fixing bugs in the Qualcomm Secure Execution Environment (QSEE) that could be exploited to bypass Android's Full Device Encryption (FDE) among others.The latest security patch from Google also brings fixes for bugs in:

Qualcomm GPU, Bluetooth, camera, USB, and WiFi14 vulnerabilities were resolved in Mediasever, including 7 that were rated critical, including:Denial of service vulnerabilityInformation disclosure vulnerabilityElevation of privilege vulnerabilityRemote code execution vulnerability in OpenSSL and BoringSSLFixes for MediaTek drivers:Elevation of privilege vulnerability in MediaTek Wi-Fi driverElevation of privilege vulnerability in MediaTek driversElevation of privilege vulnerability in MediaTek power driverElevation of privilege vulnerability in MediaTek hardware sensor driver, video driver, GPS driver, power management driver, display driver, video codec driverNVIDIAdriver fixes:Elevation of privilege vulnerability in NVIDIA video driver, camera driverInformation disclosure vulnerability in NVIDIA camera driver

From critical privilege escalation flaws to some vulnerabilities being rated of high and medium severity, there is a long list of fixes that have arrived following the Independence weekend. Google has said that there is no reportedactive exploitation or abuse of these newly reported flaws.

This is a summary of the mitigations provided by the Android security platform and service protections such as SafetyNet. Thesecapabilities reducethe likelihood that security vulnerabilities could be successfully exploited on Android.

Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.

July's Android securityupdates are already available for Nexus devices, and we hope to see latest Samsung devices to receive the security fixes very soon too. BlackBerry has also promised that the patchwill shortly arrive on devices. Users are strongly advised toinstall the Android security updates as soon as they land on your device.