Two critical remote code execution (RCE) and nine high severity elevation of privileges (EoP) and information disclosure (ID) vulnerabilities were fixed by Google in the Android Open Source Project (AOSP) as part of security patch level 2019-04-01. The two critical vulnerabilities impact all Android 7.0 or later devices but users should be safe against attacks after applying the latest Android security patch. Google also says all Android partners were alerted of all issues disclosed in this update at least a month prior to today’s public disclosure.
Source: https://www.bleepingcomputer.com/news/security/google-fixes-two-critical-android-code-execution-vulnerabilities/