Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component.
A total of 39 vulnerabilities were patched with the release, split into two parts: 15 received fixes as part of the 2020-05-01 security patch level, and 24 addressed with the 2020-05-05 security patch level.
Tracked as CVE-2020-0103, the most important of these vulnerabilities resides in Android System and was found to impact Android 9 and Android 10.
“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” Google notes in its advisory.
The issue was addressed as part of the 2020-05-01 security patch level, along with seven other System bugs: four high severity elevation of privilege flaws, two high risk information disclosure issues, and one moderate severity information disclosure.
The remaining seven vulnerabilities fixed with the 2020-05-01 security patch level include three bugs in Framework, all elevation of privilege flaws (one critical and two high risk), and four issues in Media framework, all high severity (one elevation of privilege and three information disclosure).
No security issues were addressed in Google Play system updates (Project Mainline) this month.
The 2020-05-05 security patch level addresses two vulnerabilities in Kernel components (high severity elevation of privilege and information disclosure), four bugs in MediaTek components (high risk information disclosure), eight flaws in Qualcomm components (high severity), and ten issues in Qualcomm closed-source components (one critical, nine high severity).
Google this month patched a total of seven vulnerabilities in Pixel devices, all of which feature a moderate severity rating.
These flaws impact Kernel components (elevation of privilege in audio driver and airbrush, DoS in virtual hosting), Qualcomm components (two bugs in audio), and Qualcomm closed-source components.
“For Google devices, security patch levels of 2020-05-05 or later address all issues in this bulletin and all issues in the May 2020 Android Security Bulletin,” Google explains in the Pixel Update Bulletin for May 2020.
Related: Google Patches Critical RCE Vulnerabilities in Android’s System Component
Related: Google Patches Critical Remotely Exploitable Android Bug
Related: Android’s February 2020 Update Patches Critical System Vulnerabilities