Android has announced a weakness in all Android systems from the first version 7 Nougat to 9 Pie.
The most severe of these problems is a serious security vulnerability in the system’s operating system that could allow a remote attacker to exploit your download of a PNG image that is designed to allow arbitrary commands to be executed on your computer. That the severity assessment depends on the impact that exploiting the vulnerability may have on an affected device
Android Security Bulletin reported:
We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.
2019-02-01 security patch level vulnerability details
In the sections below, we provide details for each of the security vulnerabilities that apply to the 2019-02-01 patch level. Vulnerabilities are grouped under the component they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, such as the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.
The most severe vulnerability in this section could enable a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.
|CVE||References||Type||Severity||Updated AOSP versions|
|CVE-2019-1987||A-118143775 ||RCE||Critical||7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9|
|CVE-2019-1988||A-118372692||RCE||Critical||8.0, 8.1, 9|