The addressed issues include remote code execution bugs, elevation of privilege flaws, and information disclosure vulnerabilities, along with a denial of service. Impacted components include Framework, Media framework, System, and Qualcomm components.
“The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google explains.
The Internet giant also announced that the Libxaac library has been marked as experimental and is no longer used in production of Android builds. The reason for this is the discovery of multiple vulnerabilities in the library, and Google lists 18 CVEs impacting it.