Android Security Bulletin December 2020
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-12-05 or later address all of these issues. To learn how to check a device’s security patch level, see Check and update your Android version.
Android partners are notified of all issues at least a month before publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.
The most severe of these issues is a critical security vulnerability in the Media Framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
|CVE||References||Type||Severity||Updated AOSP versions|
|CVE-2020-0458||A-160265164||RCE||Critical||8.0, 8.1, 9, 10|