Samsung fixes critical Android bugs in December 2020 updates

/in


samsung galaxy phones

This week Samsung has started rolling out Android’s December security updates to mobile devices to patch critical security vulnerabilities in the operating system and related components.

This comes after Android had published their December 2020 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices.

As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates released on December 7, 2020, this week.

These updates mainly comprise significant security fixes with possible device stability enhancements.

Samsung Galaxy Android December 2020 updates
Samsung Galaxy Android December 2020 updates being rolled out today
Source: BleepingComputer

Every vulnerability addressed by this update, has either a ‘High’ or ‘Critical’ severity rating, making this update a must for Android users so that their devices remain protected.

RCE, Privilege escalation, and Denial of Service (DoS)

There’s the high severity vulnerability, CVE-2020-0458 lurking in the Android Media Framework arising from a buffer overflow, which has been fixed by this update.

The vulnerability could let an attacker perform remote code execution (RCE) attacks using a specially crafted file within the context of a privileged process.

Fix commit for CVE-2020-0458, RCE flaw in Media Framework
Fix commit for RCE flaw in Media Framework (CVE-2020-0458)

Other flaws impacting components like Framework and System could allow sensitive information disclosure and user interaction bypass, i.e. a malicious app can gain additional permissions on the vulnerable device without the user’s approval.

The list of vulnerabilities patched by this update includes:

Framework

CVE References Type Severity Updated AOSP versions
CVE-2020-0099 A-141745510 EoP High 8.0, 8.1, 9, 10
CVE-2020-0294 A-154915372 EoP High 8.0, 8.1, 9, 10
CVE-2020-0440 A-162627132 [2] EoP High 11
CVE-2020-0459 A-159373687 [2] [3] [4] [5] ID High 8.0, 8.1, 9, 10
CVE-2020-0464 A-150371903 [2] ID High 10
CVE-2020-0467 A-168500792 ID High 8.1, 9, 10, 11
CVE-2020-0468 A-158484422 ID High 10, 11
CVE-2020-0469 A-168692734 DoS High 11
CVE References Type Severity Updated AOSP versions
CVE-2020-0458 A-160265164 [2] RCE Critical 8.0, 8.1, 9, 10
CVE-2020-0470 A-166268541 ID High 10, 11

Source…