Security News > 2020 > August > High-Severity Android RCE Flaw Fixed in August Security Update

High-Severity Android RCE Flaw Fixed in August Security Update
2020-08-05 16:14

Overall, 54 high-severity flaws were patched as part of Google's August security updates for the Android operating system, released on Monday.

The RCE flaw, the most serious of these flaws, exists in the Android Framework, which is a set of APIs - consisting of system tools and user interface design tools - that allow developers to quickly and easily write apps for Android phones.

Several flaws were also fixed in the Kernel components used in Android, including an EoP flaw in the SELinux component and one in the Linux USB Subsystem; as well as an information disclosure flaw in the Linux Wireless Subsystem.

Samsung said in an August security maintenance release that it is releasing several of the Android security bulletin patches, including those addressing critical flaws, CVE-2020-3699 and CVE-2020-3698, to major Samsung models.

In June, Google has addressed two critical flaws in its latest monthly Android update that enable remote code execution on Android mobile devices.


News URL

https://threatpost.com/high-severity-android-rce-flaw-fixed-in-august-security-update/158049/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-07-30 CVE-2020-3698 Out-of-bounds Write vulnerability in Qualcomm products
Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM8150, SM8250, SXR2130
network
low complexity
qualcomm CWE-787
critical
9.8
2020-07-30 CVE-2020-3699 Classic Buffer Overflow vulnerability in Qualcomm products
Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
network
low complexity
qualcomm CWE-120
critical
9.8