Google released a security update for critical Android vulnerability that allows attackers to execute arbitrary code remotely by sending using a specially crafted file within the context of a privileged process.

The vulnerability existed in the Media Framework (CVE-2020-0002) rated as “Critical ” severity, and it affects the Android operating systems 8.0, 8.1 and 9, also another moderate severity RCE vulnerability affected the Android 10.

CVEReferencesTypeSeverityUpdated AOSP versions
RCECritical8.0, 8.1, 9

Google categorized this Android remote code execution vulnerability based on the effect that exploiting the vulnerability would possibly have on an affected device and the success ratio that could bypass the affected Android device.

Google fixed the few other vulnerabilities existing in Android 8.0, 8.1, 9, 10, which include 3 high severity vulnerabilities and 1 Moderate vulnerability that affected the Android Framework.

CVEReferencesTypeSeverityUpdated AOSP versions
EoPHigh8.0, 8.1, 9
CVE-2020-0004A-120847476DoSHigh8.0, 8.1, 9, 10

Other Component Vulnerabilities

Google also fixed 33 vulnerabilities that were affected the other Android components such as Kernel, and Qualcomm closed-source component.

Out of 33 Vulnerabilities, 1 RCE bug (CVE-2019-17666) marked as critical severity that affected Realtek rtlwifi driver which enable a proximate attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.

The rest of the 32 vulnerabilities are marked as “High” severity, and the Android fixed 18 vulnerabilities in Qualcomm closed-source components alone.

Other vulnerabilities that fixed related to Qualcomm affected the various components such as WLAN host, Kernel, Audio, Display, Camera and NFC.

You can read the complete Android security advisory with the complete vulnerability details.

These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. 

Also Read: 10 Different Types of Malware Attack and How to Avoid them

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.