Security News > 2020 > January > Google Fixes Critical Android RCE Flaw

Google kicked off its first Android Security Bulletin of 2020 patching a critical flaw in its Android operating system, which if exploited could allow a remote attacker to execute code.
Google said its' critical vulnerability exists in Android's Media framework, which includes support for playing a variety of common media types, so that users can easily utilize audio, video and images.
Twenty-nine CVEs - all high-severity except for one critical one - were also patched, related to Qualcomm components, which are used in Android devices.
Manufacturers of Android devices typically push out their own patches to address updates in tandem with or after the Google Security Bulletin.
The December 2019 Android Security Bulletin deployed fixes for critical, high and medium-severity vulnerabilities tied to 15 CVEs overall.
News URL
https://threatpost.com/google-fixes-critical-android-rce-flaw/151605/
Related news
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- How Google tracks Android device users before they've even opened an app (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google expands Android AI scam detection to more Pixel devices (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- New North Korean Android spyware slips onto Google Play (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)