Security News > 2020 > March > Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great
Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities.
The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is disturbingly vague about.
The rootkit will run beneath the security protections of the Android kernel, and can spy on you and mess with applications without you realizing what's going on.
Of those, one was found in the Android framework, two in the media framework, and six in the Android system software.
Four elevation-of-privilege flaws were also located and patched in the Android kernel.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/05/google_march_android_fixes/
Related news
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Android 15 unveils new security features to protect sensitive data (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Major security audit of critical FreeBSD components now available (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-10 | CVE-2020-0032 | Out-of-bounds Write vulnerability in Google Android In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. | 8.8 |