The most serious of the flaws affects the part of the system and may allow an attacker to execute code with high privileges, via a specially designed file. Google has, in fact, addressed two critical system component flaws, one affecting Android 8.0 and newer releases (CVE-2020-0224), and the other only affecting Android 10 (CVE-2020-0225). A third flaw discussed in the program was a problem of high-severity disclosure of information (CVE-2020-0107), which only affects Android 10. In addition to the patch for a critical vulnerability in remote code execution (CVE-2020-9589), the media system has provided a fix for a high-risk privilege bug (CVE-2020-0226) affecting Android 10 users. All five vulnerabilities are fixed on devices running Safety Patch Tier 2020-07-01. In the framework component, the same patch level fixes two high-severity elevations of privilege flaws (impacting on Android 8.0 and newer iterations). The second part of this month’s update, the security patch level 2020-07-05, brings fixes for two other critical remote code execution bugs (CVE-2019-9501 and CVE-2019-9502), which affect firmware on Broadcom. The Qualcomm WLAN part fixed two other critical issues (CVE-2020-3698 and CVE-2020-3699). The update also addresses two problems related to high-severity in the Qualcomm kernel (CVE-2019-10580) and WLAN (CVE-2020-3700). Devices modified to security patch level 2020-07-05 will also provide patches for high-risk defects in kernel components (three bugs), MediaTek components (three flaws), and closed-source components of Qualcomm (five problems). Overall, the updates released this month fix 25 vulnerabilities. Besides these updates, Pixel devices running the security patch level 2020-07-05 will receive fixes for four moderate-severity bugs affecting Qualcomm components and closed-source components.
