Android September fixes close to 60 vulnerabilities in the operating system, Google officials said.
The September Android Security Bulletin comes in two parts, the 2018-09-01 security patch level, which resolves 24 bugs, and the 2018-09-05 security patch level, which handles 35 bugs.
Five of the vulnerabilities patched with the 2018-09-01 security patch level rated critical. Three of those patches were for elevation of privilege bugs that impact system, while the other two are remote code execution flaws in media framework.
“The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google said in an advisory.
Google also addressed high risk vulnerabilities in Android runtime, framework, library, media framework and system, as well as two medium severity issues in media framework and system.
Most of the addressed vulnerabilities impact Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9.0, but some were only found to affect Android 8.0 and newer platform releases.
Of the 35 flaws taken care of in the 2018-09-05 security patch level, 6 are critical, 27 are high risk flaws, and two are medium severity.
The bugs were in Framework, Kernel components, Qualcomm components, and Qualcomm closed-source components.