Google patches critical Android remote code execution flaw

Google has released a security update to address a critical remote code execution vulnerability, CVE-2026-0073, within the Android System component. This flaw could allow attackers to execute code as the shell user without requiring additional permissions or any user interaction, potentially leading to a full device compromise, according to a recent report by Security Affairs.

The vulnerability specifically impacts the Android Debug Bridge daemon ("adbd"), a background process that facilitates communication between an Android device and a computer via the Android Debug Bridge tool. Exploitation of this flaw could enable remote code execution without user consent. Google has stated it is unaware of any public exploits or active attacks in the wild targeting CVE-2026-0073.

This patch comes after a previously disclosed Qualcomm component vulnerability (CVE-2026-21385) in the Graphics component, which was actively exploited and could lead to the exposure of sensitive memory data. The ongoing discovery and patching of such critical vulnerabilities highlight the persistent security risks faced by Android users and the importance of timely software updates.

Source: Security Affairs