Security News > 2020 > January > Google Fixes Critical Android RCE Flaw
Google kicked off its first Android Security Bulletin of 2020 patching a critical flaw in its Android operating system, which if exploited could allow a remote attacker to execute code.
Google said its' critical vulnerability exists in Android's Media framework, which includes support for playing a variety of common media types, so that users can easily utilize audio, video and images.
Twenty-nine CVEs - all high-severity except for one critical one - were also patched, related to Qualcomm components, which are used in Android devices.
Manufacturers of Android devices typically push out their own patches to address updates in tandem with or after the Google Security Bulletin.
The December 2019 Android Security Bulletin deployed fixes for critical, high and medium-severity vulnerabilities tied to 15 CVEs overall.
News URL
https://threatpost.com/google-fixes-critical-android-rce-flaw/151605/
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)