Security News > 2020 > March > Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great

Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great
2020-03-05 22:35

Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities.

The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is disturbingly vague about.

The rootkit will run beneath the security protections of the Android kernel, and can spy on you and mess with applications without you realizing what's going on.

Of those, one was found in the Android framework, two in the media framework, and six in the Android system software.

Four elevation-of-privilege flaws were also located and patched in the Android kernel.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/05/google_march_android_fixes/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-03-10 CVE-2020-0032 Out-of-bounds Write vulnerability in Google Android
In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow.
network
low complexity
google CWE-787
8.8