Security News > 2020 > February > Critical Android flaws patched in February bulletin

Google has patched some serious bugs in Android, including a couple of critical flaws that could let hackers run their own code on the mobile operating system.

What Google does tell us in its February 2020 advisory is that it lies in the system component of Android, which contains the system apps that ship with the OS. It's a remote code execution bug in the context of a privileged process, giving the attacker a high level of access to the operating system, and it applies to versions 8.0, 8.1, and 9 of the Android Open-Source Project, on which the various phone implementations of Android are based.

Aside from six in Android's system component, there are seven in the Android Framework, which contains the Java APIs for the OS. All the Framework bugs are ranked high, with some extending back to version 8.0 of the AOSP. The worst one could enable a malicious application to gain extra privileges by bypassing use interaction requirements, the developers said.

The Android security bulletin contains two patch levels.

Users of other companies' Android products should wait until they fold the patches into their own Android implementations.

News URL

https://nakedsecurity.sophos.com/2020/02/05/critical-android-flaws-patched-in-february-bulletin/