March security updates for Android released fixed critical and high severity holes in the mobile operating system.
The bulk of the critical vulnerabilities Google fixed could allow an attacker to execute code remotely. Vulnerable components include media framework, system, and kernel, Nvidia, and Qualcomm.
Sixteen vulnerabilities ended up fixed as part of the 2018-03-01 security patch level, with everything split down the middle with eight rated critical severity and eight considered high risk.
The most severe of these vulnerabilities could allow a remote attacker using a specially crafted file to run arbitrary code with high privileges, Google said in an advisory.
Four of the critical flaws and two high risk bugs ended up dealt with in media framework. The remaining four critical vulnerabilities and six high risk issues ended up fixed in system.
The 2018-03-05 security patch level dealt with 21 vulnerabilities, three of which rated critical. All of the remaining bugs were assessed as high risk, Google said.
The flaws affect Kernel components, NVIDIA components, Qualcomm components, and Qualcomm closed-source components.
Google also handled more than 40 vulnerabilities impacting its Pixel / Nexus devices this month, most of them rated Moderate severity.