Security News > 2020 > January > Google Fixes Critical Android RCE Flaw
Google kicked off its first Android Security Bulletin of 2020 patching a critical flaw in its Android operating system, which if exploited could allow a remote attacker to execute code.
Google said its' critical vulnerability exists in Android's Media framework, which includes support for playing a variety of common media types, so that users can easily utilize audio, video and images.
Twenty-nine CVEs - all high-severity except for one critical one - were also patched, related to Qualcomm components, which are used in Android devices.
Manufacturers of Android devices typically push out their own patches to address updates in tandem with or after the Google Security Bulletin.
The December 2019 Android Security Bulletin deployed fixes for critical, high and medium-severity vulnerabilities tied to 15 CVEs overall.
News URL
https://threatpost.com/google-fixes-critical-android-rce-flaw/151605/
Related news
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)