Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity. The bug was patched as part of the 2021-04-01 security patch level.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google explains in its advisory.

Five other vulnerabilities were addressed in the System component: three elevation of privilege and two information disclosure issues. All of these feature a severity rating of high.