The critical-severity flaws include a remote-code-execution flaw in Google’s Android System component (CVE-2021-0316), the core of the Android operating system.

Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions.

That’s because the bugs, located in the Android System component, could enable a specially crafted transmission to execute arbitrary code within the context of a privileged process.

IBM's x-force application security research team has discovered a security vulnerability in the way that Android handles deserialization and allows for arbitrary code execution and privilege ...