Google Fixes Two Critical Android Code Execution Vulnerabilities

[silversurfer]

Two critical remote code execution (RCE) and nine high severity elevation of privileges (EoP) and information disclosure (ID) vulnerabilities were fixed by Google in the Android Open Source Project (AOSP) as part of security patch level 2019-04-01.
 
The security issues tracked as CVE-2019-2027 and CVE-2019-2028 as part of the 2019-04-01 security patch level are critical vulnerabilities impacting the Media framework which could allow potential remote attackers to make use of specially crafted files "to execute arbitrary code within the context of a privileged process."

As detailed in the security bulletin, the two critical vulnerabilities impact all Android 7.0 or later devices but users should be safe against attacks after applying the latest Android security patch.

Including these two security flaws, Google has patched a total of 11 security vulnerabilities within AOSP, two of them being rated critical severity, while 9 have received a high severity level rating.

SOURCE: https://www.bleepingcomputer.com/news/se...abilities/

[Deep900]

Also on Android devices security updates are fundamental, some people think is not always necessary to perform new updates, well, actually it is very important to solve this kind of issues. Remote Code Execution vulnerabilities are a serious issue and not so rare. Thanks for posting this silver!