Sydney
25 Sep, Sunday
21° C
TOP

Android Security Bulletin December 2020

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-12-05 or later address all of these issues. To learn how to check a device’s security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.

The most severe of these issues is a critical security vulnerability in the Media Framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

Media Framework

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

CVEReferencesTypeSeverityUpdated AOSP versions
CVE-2020-0458A-160265164RCECritical8.0, 8.1, 9, 10
CVE-2020-0470A-166268541IDHigh10, 11

Source – Android.com

Post a Comment