The critical bug was patched as part of the 2020-03-01 security patch level, which addresses a total of 11 vulnerabilities in framework, media framework, and system.
The critical vulnerability is a remote code execution flaw tracked as CVE-2020-0032, which impacts devices running Android 8.0, 8.1, 9, and 10.
According to Google’s advisory, the vulnerability “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.”
Other two flaws were addressed in the media framework, both rated high severity, namely an elevation of privilege (CVE-2020-0033) and an information disclosure (CVE-2020-0034). The former impacts Android 8.0, 8.1, 9, and 10, while the latter only impacts Android 8.0 and 8.1.