Google addresses over 70 flaws in Android, including a remotely exploitable issue

Pierluigi Paganini March 04, 2020

Google’s March 2020 security updates for Android address over 70 flaws, including a critical vulnerability that affects the media framework. 

Google’s March 2020 security updates for Android include the fix for a critical vulnerability, tracked as CVE-2020-0032, that affects the media framework as part of the 2020-03-01 security patch level.

The 2020-03-01 security patch level fixed 11 vulnerabilities in framework, media framework, and system. 

The CVE-2020-0032 flaw affects devices running Android 8.0, 8.1, 9, and 10 versions. 

“The most severe of these issues is a critical security vulnerability in the media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” reads the security advisory published by Google.

Google also fixed two high severity issues in the media framework, an elevation of privilege flaw (CVE-2020-0033) and information disclosure bug (CVE-2020-0034).

Google fixed a vulnerability (CVE-2020-0031) in framework that only impacts mobile devices running Android 10. This issue could be exploited by a local malicious application to bypass operating system protections that isolate application data from other applications.

The 2020-03-01 security patch level addresses other 7 vulnerabilities rated as a high severity, two elevation of privilege vulnerabilities and five information disclosure bugs. 

Google also issued the 2020-03-05 security patch level that addresses 60 vulnerabilities in the system, kernel components, FPC, MediaTek, Qualcomm, and Qualcomm closed-source components.

Most severe issues, rated as critical, impact the Qualcomm closed-source components.

The list of issues includes only one that impacts the system (CVE-2019-2194), which is an elevation of privilege rated high severity that impacts Android 9. 

Google addresses four issues impacting the kernel components that could be exploited to elevate privilege.

The IT giant fixed six vulnerabilities affecting the FPC Fingerprint TEE, three of them rated high risk.

Google addresses a total of 40 vulnerabilities in Qualcomm closed-source components, 16 rated critical severity.

The 2020-03-05 security patch level also fixed a high severity issue (CVE-2020-0069) in MediaTek components that could lead to elevation of privilege.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Google, Android)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment