Google recently fixed severe security flaws in the Android system that allow code execution with high system rights. According to Ars Technica's latest report, new security patches were released by Google for dozens of vulnerabilities in its Android mobile operating system.
Two of the major security flaws allow hackers and other cyber attackers to execute malicious code with extremely high system rights remotely. Some cases reported that the severity of the bugs could possibly increase since the malware could run with highly elevated privileges.
Also Read: Android to Have Bedtime Feature to Fight Insomnia During Coronavirus Crisis; Google Pixel Updated With Safety Tools for Car Crash
A specially crafted transmission can be enabled by the bugs found in the Android System component, allowing for the arbitrary code execution within the context of a privileged process. Although most of the devices that are susceptible to the vulnerabilities are manufactured by Qualcomm, Google still released security patches for at least 34 security flaws.
Google releases security patches to fix severe Android flaws that allow hackers to remotely execute malicious code
According to Ars Technica, the security patches should be checked by Android users to see if the fixes are already available on their devices. There are different methods to follow by the Android users to check the security patches. However, one common method involves either checking the notification screen or clicking "Settings" and then choosing the option "Security," and going to "Security update" for the last step. However, the report confirmed that the security patches are not available on many devices.
Google's June security bulletin ranked the two vulnerabilities as critical flaws of its system; indexed as CVE-2020-8597 and CVE-2020-0117. The Android Security Bulletin for June contains details of security vulnerabilities affecting Android devices. According to the bulletin, all issues are notified to Android partners at least a month before the publication. It was confirmed that the source code patches for the Android issues were released to the Android Open Source Project (AOSP).
"These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files," as was written in an advisory from the Department of Homeland Security-funded Multi-State-Information Sharing and Analysis Center.
"Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the advisory added.
The report stated that the Android media framework, Android kernel, and Android framework were affected by the vulnerabilities with a severity rating of "high." The components of Qualcomm's devices contained other vulnerabilities that have critical flaws.