Overall, Google is patching eight critical vulnerabilities in Android, including one in the much-maligned media server component. Android’s media server and related libraries have been under scrutiny from security researchers since June 2015, when the first Stagefright flaw was revealed.
To date, Google has patched more than 115 media server-related CVE (Common Vulnerabilities and Exposures) flaws in Android. The new CVE-2016-3862 being fixed in the September Android update is a remote code execution vulnerability that Tim Strazzere, director of mobile research at SentinelOne, discovered.