Security News > 2020 > March > Google Patches Critical Remotely Exploitable Android Bug
Google's March 2020 security updates for Android include fixes for over 70 vulnerabilities, including a critical flaw in media framework.
The critical bug was patched as part of the 2020-03-01 security patch level, which addresses a total of 11 vulnerabilities in framework, media framework, and system.
The critical vulnerability is a remote code execution flaw tracked as CVE-2020-0032, which impacts devices running Android 8.0, 8.1, 9, and 10.
"This is a vulnerability within approximately two dozen MediaTek chipsets that are in millions of Android devices. Because this is a hardware vulnerability, it cannot be patched by Google with an over the air update to the Android operating system. If you have a device running a MediaTek chipset, you should add mobile security that detects when your device is rooted by a third party to protect from attacks using this vulnerability," Lookout's Chris Hazelton told SecurityWeek in an emailed comment.
This month, Google also published a large security bulletin for Pixel devices, which describes over 50 additional vulnerabilities that are patched on Google devices running security patch levels of 2020-03-05 or later.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-10 | CVE-2020-0032 | Out-of-bounds Write vulnerability in Google Android In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. | 8.8 |