HomeNewsAndroid releases June 2020 Patches for Critical RCE vulnerabilities

Android releases June 2020 Patches for Critical RCE vulnerabilities

If you purchase via links on our reader-supported site, we may receive affiliate commissions.
spot_img

Google has fixed two critical vulnerabilities in June patches update for Android OS that allows remote code execution on Android devices.

These two critical vulnerabilities (CVE-2020-0117 and CVE-2020-8597) found in the Android system area grant attackers with custom-built transference to execute arbitrary code within the backdrop of a privileged process. Only Android version 8 to 10 are affected by these vulnerabilities.

According to Multi-State Information Sharing and Analysis Center (MS-ISAC), “the successful exploitation of both vulnerabilities could grant access to remote code execution in the context of a privileged process,” “Exploiting the vulnerabilities become possible through multiple methods like web browsing, email, and MMS when processing media files.”

June 2020 Android Patches

Two other patches were released by Google this June for high-severity issues in the Android system susceptible to exploitation for information disclosure but found to only affect Android 10.

Other system vulnerabilities that received patches as part of the 2020-06-01 security patch release are two high-severity bugs in Media framework (one information disclosure and one elevation of privilege (EoP)) and three high-risk issues in Framework (one information disclosure and two elevation of privilege.)

About 24 more received fixes as part of the 2020-06-05 security patches released, notable ones are two elevation of privilege (EoP), one elevation of privilege in System, one information disclosure in Framework, and one information disclosure in Kernel components, with 20 more unspecified vulnerabilities in Qualcomm closed-source components, and Qualcomm components.

An update was done by Google to the advisories for two older vulnerabilities – CVE-2019-2219, which affects Framework for Android 8 to Android 10, enables a local malicious application to bypass OS protections that shields application data from other applications, and an Elevation of Privilege (EoP) vulnerability in System which enables a remote attacker to bypass user interaction requirements to gain access to additional permissions.

Finally, there were also patches released this week to patch multiple vulnerabilities in Qualcomm closed-source and general components used in Android devices. Among these vulnerabilities, two are critical and can be remotely exploited by hackers. Both can be found in the data-modem area of Qualcomm’s mobile chips.

RELATED POSTS

spot_img

Subscribe to SecureBlitz Newsletter

* indicates required
Marie Beaujolie
Marie Beaujolie
Marie Beaujolie is a computer network engineer and content writer from Paris. She is passionate about technology and exploring new ways to make people’s lives easier. Marie has been working in the IT industry for many years and has a wealth of knowledge about computer security and best practices. She is a regular contributor for SecureBlitz.com, where she writes about the latest trends and news in the cyber security industry. Marie is committed to helping people stay safe online and encouraging them to take the necessary steps to protect their data.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.