The flaws, disclosed by security firm Check Point, could open hundreds of millions of Android products with Qualcomm chips to malware.
Four newly-discovered vulnerabilities found in Android phones and tablets that ship with a Qualcomm chip could allow an attacker to take complete control of an affected device.
The set of vulnerabilities, dubbed "Quadrooter," affects over 900 million phone and tablets, according to Check Point researchers who discovered the flaws.
An attacker would have to trick a user into installing a malicious app, which wouldn't require any special permissions.
If successfully exploited, an attacker can gain root access, which gives the attacker full access to an affected Android device, its data, and its hardware -- including its camera and microphone.
Google's own branded Nexus 5X, Nexus 6, and Nexus 6P devices are affected, as are Samsung's Galaxy S7 and S7 Edge, to name just a few of the models in question. The recently-announced BlackBerry DTEK50, which the company touts as the "most secure Android smartphone," is also vulnerable to one of the flaws.
A patch that will fix one of the flaws will not be widely released until September, a Google spokesperson confirmed.
You can read more of this story on our sister site ZDNet.