Google released a security bulletin on April 1 to fix a number of high-risk vulnerabilities in Android.
Major Android vendors, including Samsung, Pixel and LG, have received notifications at least a month before the announcement. Within 48 hours after the announcement, Google will also release the source code of the security patch to the Android Open Source Project (AOSP) repository.
Among them, the highest level of risk is a serious security vulnerability in the media framework (media framwork), which allows an attacker to transfer the changed file to remotely execute arbitrary code with permissions. Both CVE-2019-2027 and CVE-2019-2028 are included in this media framework.
Some of the vulnerabilities in the Android framework where CVE-2019-2026 is located allow local attackers to gain additional privileges through user interaction. The remaining items are in the running system, where a critical vulnerability could allow a local malicious application to gain access to arbitrary code.
Currently, the security patch level of 2019-04-01 or later has resolved the issue. Google is expected to release a second wave of security patches on April 5th to resolve any issues related to it. Users can check and update the Android version to check the security patch level of the device.