Google has patched several bugs in its May 2020 Android security patch. These vulnerabilities are reported to be at high risk to consumers as well as business and government institutions – if they are exploited. CVE-2020-0103, a particularly severe criticality flaw, may allow for remote code execution. This affects all Android OSes using security patch levels released before May 5. The Center for Internet Security (CIS) lists a total of 39 high-risk vulnerabilities in Google’s Android OS that were recently updated by Google. The organization notes that a fix has been rolled out by Google until May 2020 to fix all these vulnerabilities, but other OEMs are still unable to bring it to their phones.
CIS lists 39 Android OS vulnerabilities blog post High risk for small, medium and large businesses and government organizations. The organization notes that there are currently no reports of these vulnerabilities being exploited in the wild. The most serious of these vulnerabilities is CVE-2020-0103 Which may allow for remote code execution.
The remote code execution vulnerability in CVE-2020-0103 was not detailed by NVD on the CVE Mater site, but Google said in its security bulletin on May 1, “The most serious of these issues is a significant security vulnerability in system systems” privileged. Using a specially crafted transmission can enable a remote attacker to execute arbitrary code in the context of a process. “
The CIS stated, “Successful exploitation of the most serious of these weaknesses may allow for remote code execution in the context of a privileged process. These vulnerabilities can be exploited in many ways such as email, web browsing and through MMS when processing media files. “However the damage caused by these bugs varies depending on the privileges associated with the malicious application. In the worst case, an attacker can install the program; View, change or delete data; Or create new accounts with full user rights.
“If this application is configured to have fewer user rights on the system, the most severe of these vulnerabilities may have less impact than if it is configured with exploitative administrative rights,” CIS says.
Latest The Android Bulletin notes that all these weaknesses are patched with the latest May 2020. The Android security patch was dated May 5. Of the 39 vulnerabilities, 36 were classified as high-severity, 1 was classified as critical, and 2 were classified as significant. Other than CVE-2020-0103, other serious-critical defects (CVE-2020-3641) Qualcomm was in the closed source component, and has not yet expanded.
CIS advises OEMS to implement appropriate updates by Google or mobile carriers immediately after proper testing. It also recommends users download only the trusted vendor app through the Google Play Store. Users should take care and evaluate or follow links given by unknown or non-trusted sources before visiting unreliable websites. For those who know best security practices, they should inform and educate others about the dangers posed by un-trusted emails or hypertext links contained in the attachment.
As stated, Google has To roll May 2020 Already Android security patch for Pixel devices.
How are we sensible during this coronavirus lockdown? We discussed it Of class, Our weekly technology podcast, which you can subscribe through Apple Podcast or RSS, Download episode, Or simply hit the play button below.