Android’s May 2020 Patches Fix Critical System Vulnerability


Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component.

A total of 39 vulnerabilities were patched with the release, split into two parts: 15 received fixes as part of the 2020-05-01 security patch level, and 24 addressed with the 2020-05-05 security patch level.

Tracked as CVE-2020-0103, the most important of these vulnerabilities resides in Android System and was found to impact Android 9 and Android 10.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” Google notes in its advisory.

The issue was addressed as part of the 2020-05-01 security patch level, along with seven other System bugs: four high severity elevation of privilege flaws, two high risk information disclosure issues, and one moderate severity information disclosure.

Read more…