Google released the first batch of security patches for Android in 2019 that addressed tens of flaws, the most severe of them is the CVE-2018-9583 issue.
The CVE-2018-9583 flaw is a critical remote code execution vulnerability affecting the System, it was included in the 2019-01-01 security patch level.
A remote attacker could exploit the flaw using a specially crafted file to execute arbitrary code within the context of a privileged process.
The 2019-01-01 security patch level addresses a total of 13 security flaws.
Google addressed only one flaw in Framework, tracked as CVE-2018-9582 it was rated as a High severity and affects Android versions 8.0, 8.1, and 9.
The other 12 vulnerabilities affecting the System component are:
The 2019-01-05 security patch level addressed a total of 14 vulnerabilities in Kernel components (7), NVIDIA components (1), Qualcomm components (3), and Qualcomm closed-source components (3).
The most severe issue is the CVE-2018-11847 flaw, a Critical bug affecting a Qualcomm closed-source component that could allow local malicious applications to execute arbitrary code within the context of a privileged process.
(SecurityAffairs – Android, security patches)