This week, Google revealed the launch of a new series of monthly Android operating system updates, which provide fixes for a total of 30 vulnerabilities.
A total of 17 vulnerabilities in the Android runtime, application, media framework, and device components are resolved in the first part of the upgrade, the 2020-11-01 security patch level.
CVE-2020-0449, a crucial device error that could be abused to remotely execute code, is the most severe of the bugs. Android 8.0, 8.1, 9, 10, and 11 are affected by the bug.
“The most important of these concerns is a crucial security flaw in the device component that could cause arbitrary code to be executed in the sense of a privileged process by a proximal attacker using a specially designed transmission,” Google notes.
System was the Android part that received patches this month, at seven, with the highest number of vulnerabilities. Apart from the above crucial error, the following problems were of high severity: one privilege rise, four knowledge leakage, and one server bug denial.
The architecture is the second most affected, with six vulnerabilities: two crucial problems, all leading to denial of service, and four high-risk bugs leading to privilege escalation, leakage of information, and denial of service.
Android updates this month also fix three System vulnerabilities (leading to leakage of details, remote code execution, and privilege elevation) and one runtime in Android (a high-risk flaw that leads to privilege escalation).
In the second part of this month’s patch package, which arrives on computers as the protection patch level 2020-11-05, updates were included for a total of 13 vulnerabilities.
MediaTek components (three high-severity flaws) and Qualcomm closed-source components (one critical and nine high-risk bugs) have established these problems.
Google has confirmed this week the availability of a separate series of patches containing fixes for four bugs in Qualcomm components and Qualcomm closed-source components for Pixel devices. All problems are classified as moderate severity and are resolved on devices running a 2020-11-05 or later protection patch standard.
Google has published an update on Android for the Chrome browser this week, to fix a flaw that was already abused in the wild.
