Google Android Multiple Vulnerabilities

Last month, there is a vulnerability related to Mediatek Google Android where it will allow the attacker that has a malicious purpose to get root privilege on the Android Device. The flaw on Mediatek Command Queue driver can be exploited by asking the victims to open a crafted content that been created by the attacker.

This vulnerability is been coded as CVE-2020-0069 where its severity level would label as Critical. The flaw has been affected by a million’s Android devices for some time now.

Besides that, there are other Google Android Vulnerabilities that have been considered as Critical that been label as CVE-2020-0032. This vulnerability has been exposed to an arbitrary code vulnerability that resides within the Media framework.

Below are the vulnerabilities that affected the Android Device which can be useful for your reference

Source: Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

XDA Developer have explained about those android vulnerabilities

For a user to get root access and set SELinux to permissive on their own device is shockingly easy to do: All you have to do is copy the script to a temporary folder, change directories to where the script is stored, add executable permissions to the script, and then execute the script

Recommendation of the vulnerabilities

Even though Android Team have release the patch for those vulnerabilities but there is no harm of securing the device manually.

The list below are the step that Android User can be used to ensure the security of the Device:

  1. The user needs to download any application that they wanted from a trusted source such as Play Store.
  2. The user also needs to beware of visiting the un-trusted link that also can lead to the malware page.

Source: MediaTek rootkit now has a fix via March Android security patch, and Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *