Security News > 2020 > March > Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great
Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities.
The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is disturbingly vague about.
The rootkit will run beneath the security protections of the Android kernel, and can spy on you and mess with applications without you realizing what's going on.
Of those, one was found in the Android framework, two in the media framework, and six in the Android system software.
Four elevation-of-privilege flaws were also located and patched in the Android kernel.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/05/google_march_android_fixes/
Related news
- Drozer: Open-source Android security assessment framework (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- 73% of SME security pros missed or ignored critical alerts (source)
- 10 Critical Endpoint Security Tips You Should Know (source)
- DHS establishes AI Safety and Security Board to protect critical infrastructure (source)
- U.S. Government Releases New AI Security Guidelines for Critical Infrastructure (source)
- Critical infrastructure security will stay poor until everyone pulls together (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-10 | CVE-2020-0032 | Out-of-bounds Write vulnerability in Google Android In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. | 9.3 |