The full Android Security Bulletin that was published this afternoon — linked below this story — details critical fixes to the media framework where malicious actors could use
a special filetype to remotely execute code on a device that are on the July 1 level patch.