Google’s March 2020 security updates for Android include the fix for a critical vulnerability, tracked as CVE-2020-0032, that affects the media framework as part of the 2020-03-01 security patch level.
The 2020-03-01 security patch level fixed 11 vulnerabilities in
The CVE-2020-0032 flaw affects devices running Android 8.0, 8.1, 9, and 10 versions.
“The most severe of these issues is a critical security vulnerability in the media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” reads the security advisory published by Google.
Google also fixed two high severity issues in the media framework, an elevation of privilege flaw (CVE-2020-0033) and information disclosure bug (CVE-2020-0034).
Google fixed a vulnerability (CVE-2020-0031) in
The 2020-03-01 security patch level addresses other 7 vulnerabilities rated as a high severity, two
Google also issued the 2020-03-05 security patch level that addresses 60 vulnerabilities in the system, kernel components, FPC, MediaTek, Qualcomm, and Qualcomm closed-source components.
Most severe issues, rated as critical, impact the Qualcomm closed-source components.
The list of issues includes only one that impacts the system (CVE-2019-2194), which is an elevation of privilege rated high severity that impacts Android 9.
Google addresses four issues impacting the kernel components that could be exploited to elevate
The IT giant fixed six vulnerabilities affecting the FPC Fingerprint TEE, three of them rated high risk.
Google addresses a total of 40 vulnerabilities in Qualcomm closed-source components, 16 rated critical severity.
The 2020-03-05 security patch level also fixed a high severity issue (CVE-2020-0069) in MediaTek components that could lead to elevation of privilege.