Security News > 2020 > January > Android's January 2020 Update Patches 40 Vulnerabilities
Google on Monday published the first Android security bulletin for 2020, with patches for 40 vulnerabilities, including a critical flaw in the Media framework.
The Android Security Bulletin for January 2020 was split into two parts: the first addresses 7 vulnerabilities in Framework, Media framework, and System, while the second includes fixes for 33 security flaws in Kernel, Qualcomm, and Qualcomm closed-source components.
Tracked as CVE-2020-0002, the vulnerability is only considered critical in Android 8.0, 8.1, and 9 releases, but features a moderate risk rating on Android 10.
Of the three flaws patched in Framework, two are elevation of privilege bugs - one affects Android 8.0, 8.1, 9, and 10, while the other only impacts Android 8.0 - and one is a denial of service issue affecting Android 8.0, 8.1, 9, and 10.
The second part of this month's Android security update, namely the 2020-01-05 security patch level, includes fixes for four bugs in Kernel components, eleven flaws in Qualcomm components, and eighteen issues in Qualcomm closed-source components.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-08 | CVE-2020-0002 | Use After Free vulnerability in Google Android In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. | 9.3 |