Google’s Android Security Bulletin of 2020 details the critical patches made available for operating systems, and it’s nothing that should worry users much.
One of the most pressing issues that had to be fixed is a critical security vulnerability in the Media framework, but very particular requirements had to be met for an attacker to deploy an exploit. Nonetheless, the patch covered that as well.
“The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” marks says the bulletin.
“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”
There are always vulnerabilities that need to be fixed in any software, and the Android OS is no exception. Google regularly releases security bulletins outlining fixes deployed and vulnerabilities found.
Also, the new security update comes with quite a few fixes for Qualcomm vulnerabilities, and the company itself has fixed all of the problems.
The update is pushed into the Android Open Source Project (AOSP) repository, and all Android partners are notified about the issues a month before they become public knowledge.
Unfortunately, for many Android users, not all phones will be receiving the updates in a timely manner. Only Google-built devices, including Google Home and other IoT hardware, will have the issues fixed immediately.