Google patched a critical security vulnerability in the Media Framework of its Android operating system. The flaw (CVE-2020-0245) allows RCE in Android versions 8.0, 8.1 and 9 but that severity is lowered to high and the impact instead is information disclosure for Android version 10.0. Overall, Google fixed flaws tied to 53 CVEs as part of its September security updates for the Android system, released on Tuesday. Qualcomm, whose chips are used in Android devices, patched a mix of high and critical-severity vulnerabilities tied to 22.
Source: https://threatpost.com/google-critical-bug-android/159086/