The Android security patch for May fixes multiple security vulnerabilities, where the most severe is an issue in Media framework.
“The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” said the Android security advisory.
The Android security patch includes the 2019-05-01 and 2019-05-05 security patch levels, which contain 30 security fixes for the Android Framework, Media framework, Android System, Kernel components, and Nvidia components, Broadcom components, as well as Qualcomm components, including closed-source ones.
The security patch is going out to all supported devices, including the Google Pixel, Google Pixel XL, Google Pixel 2, Google Pixel 2 XL, Google Pixel 3, and Google Pixel 3 XL. Essential Phone users should also be among the first to receive the patch.
“We have had no reports of active customer exploitation or abuse of these newly reported issues,” said the advisory.
In addition, there are three critical vulnerabilities in the system, where the most severe vulnerability could enable a remote attacker using a specially crafted PAC file to execute arbitrary code within the context of a privileged process.
The vulnerabilities are CVE-2019-2045, CVE-2019-2046 and CVE-2019-2047, which are remote code execution vulnerabilities (RCE).