The July Android Security Bulletin patches 11 critical remote-code execution bugs including one dubbed ‘Broadpwn’ that impacts both Android and iOS devices.

Google patched a critical hole in its problematic Android Mediaserver component that could have allowed an attacker to use email, web browsing, and MMS processing of media files to remotely execute code.

Google today patched Nexus devices in an over-the-air update against a critical vulnerability that could be exploited by an attacker on the same Wi-Fi network. The patch addresses multiple vulnerabilities in the Broadcom Wi-Fi driver that could be abused to allow for remote code execution. The patches were pushed out in builds LMY49G or later...