image credit: flickr

Google October Android Security Update Fixes Critical RCE Flaws

October 8, 2019


Google has released fixes for three critical-severity vulnerabilities in the Media framework of its Android operating system, which if exploited could allow a remote attacker to execute code.

The remote code execution (RCE) flaws are part of Google’s October 2019 Android Security Bulletin, which deployed fixes for high and critical-severity vulnerabilities tied to nine CVEs overall. Qualcomm, whose chips are used in Android devices, also patched 18 high and critical-severity vulnerabilities.

The three critical flaws (CVE-2019-2184, CVE-2019-2185, CVE-2019-2186) exist in Android’s Media framework.

Read More on Threat Post