Google’s March 2020 security updates for Android address over 70 flaws, including a critical vulnerability that affects the media framework.

Google’s March 2020 security updates for Android include the fix for a critical vulnerability, tracked as CVE-2020-0032, that affects the media framework as part of the 2020-03-01 security patch level.

The 2020-03-01 security patch level fixed 11 vulnerabilities in framework , media framework, and system.

The CVE-2020-0032 flaw affects devices running Android 8.0, 8.1, 9, and 10 versions.

“The most severe of these issues is a critical security vulnerability in the media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” reads the security advisory published by Google.

Google also fixed two high severity issues in the media framework, an elevation of privilege flaw (CVE-2020-0033) and information disclosure bug (CVE-2020-0034).

Google fixed a vulnerability (CVE-2020-0031) in framework that only impacts mobile devices running Android 10. This issue could be exploited by a local malicious application to bypass operating system protections that isolate application data from other applications.

The 2020-03-01 security patch level addresses other 7 vulnerabilities rated as a high severity, two elevation of privilege vulnerabilities and five information disclosure bugs.

Google also issued the 2020-03-05 security patch level that addresses 60 vulnerabilities in the system, kernel components, FPC, MediaTek, Qualcomm, and Qualcomm closed-source components.

Most severe issues, rated as critical, impact the Qualcomm closed-source components.

The list of issues includes only one that impacts the system (CVE-2019-2194), which is an elevation of privilege rated high severity that impacts Android 9.

Google addresses four issues impacting the kernel components that could be exploited to elevate privilege .

The IT giant fixed six vulnerabilities affecting the FPC Fingerprint TEE, three of them rated high risk.

Google addresses a total of 40 vulnerabilities in Qualcomm closed-source components, 16 rated critical severity.

The 2020-03-05 security patch level also fixed a high severity issue (CVE-2020-0069) in MediaTek components that could lead to elevation of privilege.

Pierluigi Paganini