Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

Android’s May 2020 Patches Fix Critical System Vulnerability

Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component.

Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component.

A total of 39 vulnerabilities were patched with the release, split into two parts: 15 received fixes as part of the 2020-05-01 security patch level, and 24 addressed with the 2020-05-05 security patch level.

Tracked as CVE-2020-0103, the most important of these vulnerabilities resides in Android System and was found to impact Android 9 and Android 10.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” Google notes in its advisory.

The issue was addressed as part of the 2020-05-01 security patch level, along with seven other System bugs: four high severity elevation of privilege flaws, two high risk information disclosure issues, and one moderate severity information disclosure.

The remaining seven vulnerabilities fixed with the 2020-05-01 security patch level include three bugs in Framework, all elevation of privilege flaws (one critical and two high risk), and four issues in Media framework, all high severity (one elevation of privilege and three information disclosure).

No security issues were addressed in Google Play system updates (Project Mainline) this month.

The 2020-05-05 security patch level addresses two vulnerabilities in Kernel components (high severity elevation of privilege and information disclosure), four bugs in MediaTek components (high risk information disclosure), eight flaws in Qualcomm components (high severity), and ten issues in Qualcomm closed-source components (one critical, nine high severity).

Google this month patched a total of seven vulnerabilities in Pixel devices, all of which feature a moderate severity rating.

These flaws impact Kernel components (elevation of privilege in audio driver and airbrush, DoS in virtual hosting), Qualcomm components (two bugs in audio), and Qualcomm closed-source components.

“For Google devices, security patch levels of 2020-05-05 or later address all issues in this bulletin and all issues in the May 2020 Android Security Bulletin,” Google explains in the Pixel Update Bulletin for May 2020.

Related: Google Patches Critical RCE Vulnerabilities in Android’s System Component

Related: Google Patches Critical Remotely Exploitable Android Bug

Related: Android’s February 2020 Update Patches Critical System Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.