Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Android’s May 2020 Patches Fix Critical System Vulnerability

Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component.

Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component.

A total of 39 vulnerabilities were patched with the release, split into two parts: 15 received fixes as part of the 2020-05-01 security patch level, and 24 addressed with the 2020-05-05 security patch level.

Tracked as CVE-2020-0103, the most important of these vulnerabilities resides in Android System and was found to impact Android 9 and Android 10.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” Google notes in its advisory.

The issue was addressed as part of the 2020-05-01 security patch level, along with seven other System bugs: four high severity elevation of privilege flaws, two high risk information disclosure issues, and one moderate severity information disclosure.

The remaining seven vulnerabilities fixed with the 2020-05-01 security patch level include three bugs in Framework, all elevation of privilege flaws (one critical and two high risk), and four issues in Media framework, all high severity (one elevation of privilege and three information disclosure).

No security issues were addressed in Google Play system updates (Project Mainline) this month.

The 2020-05-05 security patch level addresses two vulnerabilities in Kernel components (high severity elevation of privilege and information disclosure), four bugs in MediaTek components (high risk information disclosure), eight flaws in Qualcomm components (high severity), and ten issues in Qualcomm closed-source components (one critical, nine high severity).

Advertisement. Scroll to continue reading.

Google this month patched a total of seven vulnerabilities in Pixel devices, all of which feature a moderate severity rating.

These flaws impact Kernel components (elevation of privilege in audio driver and airbrush, DoS in virtual hosting), Qualcomm components (two bugs in audio), and Qualcomm closed-source components.

“For Google devices, security patch levels of 2020-05-05 or later address all issues in this bulletin and all issues in the May 2020 Android Security Bulletin,” Google explains in the Pixel Update Bulletin for May 2020.

Related: Google Patches Critical RCE Vulnerabilities in Android’s System Component

Related: Google Patches Critical Remotely Exploitable Android Bug

Related: Android’s February 2020 Update Patches Critical System Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.