The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week. The vulnerabilities pose a high risk for consumers as well as business and government institution users, the company said. The most severe of these is a critical security vulnerability in the System component of Android that could enable a remote attacker to execute arbitrary code within the context of a privileged process. The potential for exploitation depends on the privilege status of an application, according to the Center for Internet Security s advisory on the flaw.
Source: https://threatpost.com/google-android-rce-bug-full-device-access/155460/