Samsung’s Android December security updates are rolling out to mobile devices to patch security vulnerabilities.
High-Security Vulnerabilities — Android
This week, Android published its December 2020 Security Updates bulletin for the operating system and related components, which also affects the latest devices.
As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates that have “security patch level” dated “2020-12-01.”
Importantly, the vulnerabilities addressed in this update are rated Critical or High severity, making this update a must for Android users to remain protected.
The vulnerabilities patched by this update, which could lead to attacks such as RCE, privilege escalation, and Denial of Service (DoS), include:
Framework
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0099 | A-141745510 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0294 | A-154915372 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0440 | A-162627132 [2] | EoP | High | 11 |
CVE-2020-0459 | A-159373687 [2] [3] [4] [5] | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0464 | A-150371903 [2] | ID | High | 10 |
CVE-2020-0467 | A-168500792 | ID | High | 8.1, 9, 10, 11 |
CVE-2020-0468 | A-158484422 | ID | High | 10, 11 |
CVE-2020-0469 | A-168692734 | DoS | High | 11 |
Media Framework
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0458 | A-160265164 [2] | RCE | Critical | 8.0, 8.1, 9, 10 |
CVE-2020-0470 | A-166268541 | ID | High | 10, 11 |
System
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0460 | A-163413737 | ID | High | 11 |
CVE-2020-0463 | A-169342531 | ID | High | 8.0, 8.1, 9, 10, 11 |
CVE-2020-15802 | A-158854097 | ID | High | 8.0, 8.1, 9, 10, 11 |
Recommendations:
The flaws impacting components like Framework and System could allow sensitive information disclosure and user interaction bypass.
This could lead to attackers gaining access to vulnerable devices without the user’s permission.
The high and critical severity vulnerabilities to be fixed by the “2020-12-05 security patch” could still be exploitable.
It is highly recommended that users update their Android devices immediately.
Also, ensure the “auto-update” setting is enabled.