Google’s April Android Security Bulletin Warns of 9 Critical Bugs (remote code execution, critical elevation of privilege)

[LASER_oneXM]

Content source

https://threatpost.com/googles-april-android-security-bulletin-warns-of-9-critical-bugs/130936/

Nine vulnerabilities rated critical were patched as part of Google’s Android Security Bulletin for April.

Critical vulnerabilities ranged from two remote code execution vulnerabilities tied to the Android media framework, to a Qualcomm Wi-Fi component flaw that allowed a nearby attacker to use “a specially crafted file to execute arbitrary code within the context of a privileged process.”

Google said firmware updates are available and will be delivered via over-the-air (OTA) updates to Google Pixel and Nexus devices. Updates to other Android devices will be sent via respective OEM device makers and wireless carriers, where applicable. For example, Samsung Mobile announced a maintenance release for its “major flagship models” that included eight Samsung patches being delivered OTA.
In all, Google’s April security update includes 28 fixes; nine rated critical and 19 rated high. Seven of the critical vulnerabilities were tied to the Android OS directly. Each Qualcomm and Broadcom component maker fixed a critical bug.
The Android operating system received the most attention, with Google fixing four remote code execution bugs and one critical elevation of privilege bug.