today detailed the September security patches for Android devices. The company says it discovered a number of vulnerabilities impacting the Android runtime, framework, media framework, and system software. It also found component-level issues with hardware from Qualcomm. Most issues were given a severity rating of "high" but a significant number were listed as "critical." Many could have led to remote code execution. Google says it informed its hardware partners about the issues about 30 days ago. Google does not believe any of the security holes have been exploited by hackers. Google is pushing two updates to its Nexus and Pixel phones, dated September 1 and September 5. It will be up to individual device makers (Samsung, Motorola, et al.) to update their own hardware with the latest patches. Google will provide AOSP with the patches within 48 hours.