This week, Google published May 2020 security updates for the Android operating system that fix multiple critical vulnerabilities, including one that affects the system part.
A total of 39 vulnerabilities were patched with the update, divided into two parts: 15 provided patches for the 2020-05-01 security patch level, and 24 for the 2020-05-05 security patch level.
Tracked as CVE-2020-0103, the most significant vulnerabilities reside in the Android system and have been reported as having an effect on Android 9 and Android 10.
“The most important of these issues is a critical security vulnerability in the Device component that could allow a remote attacker to execute arbitrary code in a privileged process using a specially designed transmission,” Google states in its advisory.
The issue was addressed as part of the 2020-05-01 security patch level, along with seven other system bugs: four high-severity privilege flaws, two high-risk information disclosure issues, and one moderate-severity disclosure.
The remaining seven vulnerabilities found with the 2020-05-01 security patch level include three system bugs, all privilege bugs (one essential and two high risk) and four media application problems, both of high severity (one privilege elevation and three disclosures).
No security issues have been addressed in Google Play System Updates (Project Mainline) this month.
The 2020-05-05 security patch level addresses two vulnerabilities in kernel components (high-severity privilege enhancement and disclosure), four bugs in MediaTek components (high-risk disclosure), eight flaws in Qualcomm components (high-severity) and ten issues in Qualcomm closed-source components (one critical, nine high-severity).
This month, Google has fixed a total of seven vulnerabilities in Pixel apps, all of which have a moderate severity ranking.
These flaws have an impact on kernel components (elevation of privilege in audio driver and airbrush, DoS in virtual hosting), Qualcomm components (two bugs in audio) and Qualcomm closed-source components.
“For Google apps, the 2020-05-05 security patch level or later fixes all issues in this bulletin and all issues in the May 2020 Android Security Bulletin,” Google states in the May 2020 Pixel Update Bulletin.