Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google addresses over 70 flaws in Android, including a remotely exploitable issue

Google’s March 2020 security updates for Android address over 70 flaws, including a critical vulnerability that affects the media framework.  Google’s March 2020 security updates for Android include the fix for a critical vulnerability, tracked as CVE-2020-0032, that affects the media framework as part of the 2020-03-01 security patch level. The 2020-03-01 security patch level fixed 11 vulnerabilities […]

Wi-Fi

Google’s March 2020 security updates for Android address over 70 flaws, including a critical vulnerability that affects the media framework. 

Google’s March 2020 security updates for Android include the fix for a critical vulnerability, tracked as CVE-2020-0032, that affects the media framework as part of the 2020-03-01 security patch level.

The 2020-03-01 security patch level fixed 11 vulnerabilities in framework, media framework, and system. 

The CVE-2020-0032 flaw affects devices running Android 8.0, 8.1, 9, and 10 versions. 

“The most severe of these issues is a critical security vulnerability in the media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” reads the security advisory published by Google.

Google also fixed two high severity issues in the media framework, an elevation of privilege flaw (CVE-2020-0033) and information disclosure bug (CVE-2020-0034).

Google fixed a vulnerability (CVE-2020-0031) in framework that only impacts mobile devices running Android 10. This issue could be exploited by a local malicious application to bypass operating system protections that isolate application data from other applications.

The 2020-03-01 security patch level addresses other 7 vulnerabilities rated as a high severity, two elevation of privilege vulnerabilities and five information disclosure bugs. 

Google also issued the 2020-03-05 security patch level that addresses 60 vulnerabilities in the system, kernel components, FPC, MediaTek, Qualcomm, and Qualcomm closed-source components.

Most severe issues, rated as critical, impact the Qualcomm closed-source components.

The list of issues includes only one that impacts the system (CVE-2019-2194), which is an elevation of privilege rated high severity that impacts Android 9. 

Google addresses four issues impacting the kernel components that could be exploited to elevate privilege.

The IT giant fixed six vulnerabilities affecting the FPC Fingerprint TEE, three of them rated high risk.

Google addresses a total of 40 vulnerabilities in Qualcomm closed-source components, 16 rated critical severity.

The 2020-03-05 security patch level also fixed a high severity issue (CVE-2020-0069) in MediaTek components that could lead to elevation of privilege.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Google, Android)

[adrotate banner=”5″]

[adrotate banner=”13″]