Samsung fixes critical Android bugs in December 2020 updates
This week Samsung has started rolling out Android’s December security updates to mobile devices to patch critical security vulnerabilities in the operating system and related components.
This comes after Android had published their December 2020 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices.
As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates released on December 7, 2020, this week.
These updates mainly comprise significant security fixes with possible device stability enhancements.

Source: BleepingComputer
Every vulnerability addressed by this update, has either a ‘High’ or ‘Critical’ severity rating, making this update a must for Android users so that their devices remain protected.
RCE, Privilege escalation, and Denial of Service (DoS)
There’s the high severity vulnerability, CVE-2020-0458 lurking in the Android Media Framework arising from a buffer overflow, which has been fixed by this update.
The vulnerability could let an attacker perform remote code execution (RCE) attacks using a specially crafted file within the context of a privileged process.

Other flaws impacting components like Framework and System could allow sensitive information disclosure and user interaction bypass, i.e. a malicious app can gain additional permissions on the vulnerable device without the user’s approval.
The list of vulnerabilities patched by this update includes:
Framework
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0099 | A-141745510 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0294 | A-154915372 | EoP | High | 8.0, 8.1, 9, 10 |
CVE-2020-0440 | A-162627132 [2] | EoP | High | 11 |
CVE-2020-0459 | A-159373687 [2] [3] [4] [5] | ID | High | 8.0, 8.1, 9, 10 |
CVE-2020-0464 | A-150371903 [2] | ID | High | 10 |
CVE-2020-0467 | A-168500792 | ID | High | 8.1, 9, 10, 11 |
CVE-2020-0468 | A-158484422 | ID | High | 10, 11 |
CVE-2020-0469 | A-168692734 | DoS | High | 11 |
CVE | References | Type | Severity | Updated AOSP versions |
---|---|---|---|---|
CVE-2020-0458 | A-160265164 [2] | RCE | Critical | 8.0, 8.1, 9, 10 |
CVE-2020-0470 | A-166268541 | ID | High | 10, 11 |