Google released its April Android security patches, which handles three critical vulnerabilities.
Google’s monthly Android update includes two patch levels immediately available to Google’s own Pixel devices and have gone out to other Android device makers to distribute.
The 2019-04-01 patch level includes fixes for two critical remote code execution flaws affecting the Media framework.
The Media framework bugs, CVE-2019-2027 and CVE-2019-2028, affect Android 7 and up and “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” according to Google’s bulletin.
The most severe vulnerability in the system area is a RCE issue CVE-2019-2029 that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
The second part of this month’s security fixes, included in the 2019-04-05 security patch level, addresses over 75 vulnerabilities in System and open and closed-source Qualcomm components.