Two critical remote code execution (RCE) and nine high severity elevation of privileges (EoP) and information disclosure (ID) vulnerabilities were fixed by Google in the Android Open Source Project (AOSP) as part of security patch level 2019-04-01.
The security issues tracked as
CVE-2019-2027 and
CVE-2019-2028 as part of the
2019-04-01 security patch level are critical vulnerabilities impacting the Media framework which could allow potential remote attackers to make use of specially crafted files "to execute arbitrary code within the context of a privileged process."
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access
CISA Warns of Microsoft PowerPoint Code Injection Vulnerability Exploited in Attacks
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks![[correlate]](/data/avatars/s/79/79653.jpg?1556985072)
Critical PHP RCE vulnerability mass exploited in new attacks