Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Google Patches 30 Vulnerabilities With November 2020 Android Updates

Google this week announced the availability of a new set of monthly patches for the Android operating system, containing fixes for a total of 30 vulnerabilities.

The first part of the update, the 2020-11-01 security patch level addresses a total of 17 vulnerabilities in the Android runtime, Framework, Media Framework, and System components.

Google this week announced the availability of a new set of monthly patches for the Android operating system, containing fixes for a total of 30 vulnerabilities.

The first part of the update, the 2020-11-01 security patch level addresses a total of 17 vulnerabilities in the Android runtime, Framework, Media Framework, and System components.

The most serious of the flaws is CVE-2020-0449, a critical bug in System that could be exploited to execute code remotely. The issue impacts Android 8.0, 8.1, 9, 10, and 11.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a proximal attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” Google explains.

System was the Android component that received patches for the largest number of vulnerabilities this month, at seven. Aside from the aforementioned critical flaw, the remaining issues were high severity: one elevation of privilege, four information disclosure, and one denial of service bug.

Framework comes in second most affected, with six vulnerabilities: two critical issues, both leading to denial of service, and four high-risk bugs, leading to elevation of privilege, information disclosure, and denial of service.

This month’s Android patches also address three vulnerabilities in Framework (leading to information disclosure, remote code execution, and elevation of privilege) and one in Android runtime (a high-risk bug leading to privilege escalation).

Fixes for a total of 13 vulnerabilities were included in the second part of this month’s set of patches, which arrives on devices as the 2020-11-05 security patch level.

Advertisement. Scroll to continue reading.

These issues were identified in MediaTek components (three high-severity flaws) and Qualcomm closed-source components (one critical and nine high-risk bugs).

This week, Google also announced the availability of a separate set of patches for Pixel devices, containing fixes for four bugs in Qualcomm components and Qualcomm closed-source components. All issues are rated moderate severity and are addressed on devices that run a security patch level of 2020-11-05 or later.

This week, Google also released an update for the Chrome browser on Android, to patch a vulnerability already exploited in the wild.

Related: Android’s October 2020 Security Update Patches 48 Vulnerabilities

Related: Android’s September 2020 Patches Fix Critical System Vulnerabilities

Related: Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.