Google this week released the April 2020 set of security patches for the Android operating system to address over 50 vulnerabilities, including four critical issues in the System component.
All of the four critical bugs addressed this month in Android’s System could lead to remote code execution, and all impact Android 8.0, 8.1, 9, and 10. Fixes for the flaws will be delivered to all devices running the 2020-04-01 security patch level or newer.
The vulnerabilities are tracked as CVE-2020-0070, CVE-2020-0071, CVE-2020-0072, and CVE-2020-0073.
“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google notes in an advisory.
Patches for eight other issues were included in the 2020-04-01 security patch level, namely six vulnerabilities in the Framework component (four high risk elevation of privilege, one high severity information disclosure, and one moderate risk information disclosure), and two in Media framework (both high severity elevation of privilege flaws).
The second part of Google’s April 2020 Android Security Bulletin will arrive on devices as 2020-04-05 security patch level, delivering patches for 43 vulnerabilities.
These include components such as Framework (one high severity information disclosure), Kernel components (three high risk elevation of privilege bugs), FPC components (a high risk elevation of privilege bug and two moderate severity information disclosure issues), Qualcomm components (one critical and five high severity), and Qualcomm closed-source components (eight critical and twenty-two high risk).
Google also released a new set of security patches for Pixel devices to address a total of 14 vulnerabilities: two in Kernel components, nine in Qualcomm components, and three in Qualcomm closed-source components. All of these bugs feature a moderate severity rating.
On Google devices, a security patch level of 2020-04-05 or later addresses all of the vulnerabilities included in the Android Security Bulletin—April 2020 and Pixel Update Bulletin—April 2020.
Related: Google Patches Critical Remotely Exploitable Android Bug
Related: ‘Cookiethief’ Android Malware Hijacks Facebook Accounts
Related: Android’s February 2020 Update Patches Critical System Vulnerabilities
More from Ionut Arghire
- OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
- New Wi-Fi Attack Allows Traffic Interception, Security Bypass
- Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims
- Over 200 Organizations Targeted in Chinese Cyberespionage Campaign
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
- iOS Security Update Patches Exploited Vulnerability in Older iPhones
Latest News
- Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT
- Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App
- LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps
- Blockchain Security Firm True I/O Raises $9 Million
- Spera Banks $10 Million to Tackle Identity and Access Sprawl
- OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
- OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
- New Wi-Fi Attack Allows Traffic Interception, Security Bypass
