Security News > 2020 > March > Google Patches Critical Remotely Exploitable Android Bug
Google's March 2020 security updates for Android include fixes for over 70 vulnerabilities, including a critical flaw in media framework.
The critical bug was patched as part of the 2020-03-01 security patch level, which addresses a total of 11 vulnerabilities in framework, media framework, and system.
The critical vulnerability is a remote code execution flaw tracked as CVE-2020-0032, which impacts devices running Android 8.0, 8.1, 9, and 10.
"This is a vulnerability within approximately two dozen MediaTek chipsets that are in millions of Android devices. Because this is a hardware vulnerability, it cannot be patched by Google with an over the air update to the Android operating system. If you have a device running a MediaTek chipset, you should add mobile security that detects when your device is rooted by a third party to protect from attacks using this vulnerability," Lookout's Chris Hazelton told SecurityWeek in an emailed comment.
This month, Google also published a large security bulletin for Pixel devices, which describes over 50 additional vulnerabilities that are patched on Google devices running security patch levels of 2020-03-05 or later.
News URL
Related news
- Google: Gemini AI for Android processes sensitive data locally (source)
- Google says it's focusing on privacy with Gemini AI on Android (source)
- Google Removing Poor-Quality Android Apps From Play Store to Boost Engagement (source)
- Google backports fix for Pixel EoP flaw to other Android devices (source)
- Android malware 'Necro' infects 11 million devices via Google Play (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 68% (source)
- Google sees 68% drop in Android memory safety flaws over 5 years (source)
- Fake WalletConnect app on Google Play steals Android users’ crypto (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-10 | CVE-2020-0032 | Out-of-bounds Write vulnerability in Google Android In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. | 9.3 |