Google released patches for over 50 vulnerabilities in the Android operating system with its August 2020 security updates. “Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available,” Google said in a security bulletin.
The tech giant stated that the most severe security flaw fixed this month is a high-severity vulnerability in the Framework component that a remote attacker could have exploited to execute arbitrary code using a malicious file. “The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” Google added.
Security Patch Level Vulnerability
The security bulletin lists two security patch levels to help Android users more quickly fix a subset of vulnerabilities that are similar across all Android devices. The 2020-08-01 security patch level fixes 14 high-severity vulnerabilities in the Framework, Media Framework, and System components, and the 2020-08-05 security patch level resolves 40 vulnerabilities in the MediaTek, AMLogic, Kernel, and Qualcomm components of Android.
According to the Android Security Bulletin, “The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process.”
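The two patch levels above can be used to audit a device inventory. The script below is an added example, not part of the bulletin or of Google's tooling: it classifies the patch level string a device reports (for example via `adb shell getprop ro.build.version.security_patch`) against 2020-08-01 and 2020-08-05. The function names, status labels and device inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Android security patch levels (YYYY-MM-DD) against
# the two August 2020 levels. A device at 2020-08-05 or later has both sets of
# fixes; 2020-08-01 through 2020-08-04 has only the Framework, Media Framework
# and System fixes; anything older has neither.

# Convert YYYY-MM-DD to the integer YYYYMMDD; fail on malformed input.
patch_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | tr -d '-'
}

# Print full, partial, missing or invalid (labels are hypothetical).
classify_patch_level() {
    n=$(patch_to_int "$1") || { echo "invalid"; return 0; }
    if [ "$n" -ge 20200805 ]; then
        echo "full"
    elif [ "$n" -ge 20200801 ]; then
        echo "partial"
    else
        echo "missing"
    fi
}

# Read "device patch-level" pairs on stdin, print "device patch-level status".
audit_inventory() {
    while read -r device level; do
        [ -n "$device" ] || continue
        printf '%s %s %s\n' "$device" "$level" "$(classify_patch_level "$level")"
    done
}

# Constructed inventory; real values would come from getprop on each device.
sample_inventory() {
    cat <<'EOF'
pixel-lab-01 2020-08-05
tablet-kiosk-07 2020-08-01
handset-field-12 2020-06-01
legacy-scanner-03 unknown
EOF
}

sample_inventory | audit_inventory
```

Devices reported as `partial` still lack the MediaTek, AMLogic, Kernel and Qualcomm fixes, and `invalid` entries need manual follow-up rather than being treated as patched.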
Mitigation Measures
The Android security platform and Google Play Protect recommended certain protective measures to help defend against cybercriminals who are trying to exploit vulnerabilities in Android devices:
- Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
- The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services and is especially important for users who install apps from outside of Google Play.
Critical Vulnerability Fixed
Recently, Google fixed a critical MediaTek rootkit vulnerability (now tracked as CVE-2020-0069) affecting millions of Android devices that use MediaTek chips. The issue was first reported on the XDA forum, one of the largest forums for Android software modifications, back in April 2019.