Google Patches ‘Critical’ Android Flaws

Google has patched a serious Android bug that could allow remote attackers to execute malicious code on devices running the software.

The bug, which affects the Media framework in Android versions 6.x Marshmallow to 8.1 Oreo, could allow a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Google ranked the issue as ‘critical’ based on the effect exploiting it would have if mitigations were turned off or bypassed. Security software such as Google Play Protect can block attacks attempting to exploit the bug.

The company said it wasn’t aware of any reports that the bug, or the others addressed in its March security update, were being actively exploited.

Eleven ‘critical’ flaws

Google’s Android Security Bulletin for March lists a total of 37 vulnerabilities, 11 of which are ranked as critical, including four affecting the Media framework.

Three of those bugs allowed remote code execution, with the fourth permitting attackers to obtain higher privileges, and thus to penetrate more deeply into the system.

Four bugs in the Android System allow attackers to execute code remotely, as do two affecting Qualcomm components. Issues affecting Kernel and Nvidia components were considered less severe, with some allowing local malicious applications to execute code.

Google said it would release updated factory images for Pixel and Nexus devices immediately, with over-the-air (OTA) updates set to follow soon. Updates from other device manufacturers usually follow some time after Google’s initial patches.

Users who don’t want to wait for the OTA updates can manually apply the images to their devices using desktop-based software.

Google said it would release the patches to the Android Open Source Project (AOSP) repository within the next 48 hours.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
