The most important of these flaws is a critical bug in System that could be exploited to execute arbitrary code remotely. To exploit the vulnerability, an attacker needs to use a specially crafted transmission, Google explains.
This is one of the two critical remote code execution issues patched in System, both affecting Android releases 8.0 through 10. The vulnerabilities are tracked as CVE-2020-0117 and CVE-2020-8597.
Google also released patches for two high-severity issues in System that could be exploited for information disclosure, but which impact Android 10 only.