Security News > 2020 > April > Google Patches Critical RCE Vulnerabilities in Android's System Component

Google this week released the April 2020 set of security patches for the Android operating system to address over 50 vulnerabilities, including four critical issues in the System component.
"The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," Google notes in an advisory.
Patches for eight other issues were included in the 2020-04-01 security patch level, namely six vulnerabilities in the Framework component, and two in Media framework.
The second part of Google's April 2020 Android Security Bulletin will arrive on devices as 2020-04-05 security patch level, delivering patches for 43 vulnerabilities.
On Google devices, a security patch level of 2020-04-05 or later addresses all of the vulnerabilities included in the Android Security Bulletin-April 2020 and Pixel Update Bulletin-April 2020.
News URL
Related news
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- How Google tracks Android device users before they've even opened an app (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google expands Android AI scam detection to more Pixel devices (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)