According to Android Security Bulletin, Google patched 11 critical bugs in Android mobile operating system in March. Seven of these patched flaws are remote code execution bugs. In addition, more 26 high severity vulnerabilities were patched.
One of the most serious vulnerabilities is critical security flaw detected in the Media Framework detail of the Android operating system. Google added that this bug is able to enable a remote cyber criminal to apply a specially crafted file in order to perform arbitrary code.
The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
According to Google, there is no information about the vulnerability being exploited. An over-the-air updates and firmware images are available for Google devices including Pixeland Nexus and third-party carriers will upgrade to vendor mobile phones.
Rest of the most severe system vulnerabilities were detected being a critical remote code execution but that according to Google are able to “enable a proximate attacker to execute arbitrary code within the context of a privileged process.”
Google’s Android Security Bulletin also mentioned patches for vulnerabilities in NVIDIA and Qualcomm elements applied in Android mobile devices. Other two disclosed bugs that were rated as high severity, were patched by NVIDIA and eleven wireless network driver, as well as WLAN Qualcomm vulnerabilities that were also patched in March 2018.
Android Security Bulletins are separated from Pixel/Nexus Security Bulletin.
Security vulnerabilities that are documented in the Android Security Bulletins are required in order to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin, are not required for declaring a security patch level.
In addition, together with the Google patches, Samsung Mobile indicated five patched for Samsung-related flaws. The Most severe flaw was identified as high severity and described as “Accessing the Clipboard content using Edge panel” vulnerability.
According to Samsung’s Bulletin, “The clipboard edge allows attackers to access device information without user authentication for a short period after locking screen once. The patch protects contents of clipboard using a screen lock type when turning the Clipboard Edge on.”
Another flaw rated as low severity disabled Near Field Communication or NFC activation when a magnet is brought close to some particular point of the handset.