Three critical Remote Code Execution vulnerabilities (CVE-2019-2184, CVE-2019-2185, CVE-2019-2186) were found in the Android Media Framework.
These vulnerabilities affect a large number of Android models and versions, specifically ones with a Qualcomm chip. Affected models include devices from LG, Samsung, Google, Huawei, and Xiaomi. Affected versions include 7.1.1, 7.1.2, 8.0, 8.1, and 9.
Remote attackers could use a specially crafted file to execute code, which could lead to the attacker installing malicious apps and being able to view or edit data on the device.
While Android updates are dependent on the manufacturers, users should apply the latest security patch when it is made available by their carrier.
Google and LG have already rolled out patches in the October Security Update. Samsung will be rolling out the patch in their October Security Update.