- Home page
- Google fixes 26 new flaws in Android for February 2020
Google has discovered multiple vulnerabilities in Android in the last few weeks, some of which are particularly serious. A security patch has been in the process of being deployed since February 3. It fixes a total of 26 vulnerabilities in the operating system
It’s in 2020 that we should hear about the next version of the Android operating system – Android 11, since Google has decided to drop the confectionery inspired nicknames. Until then, the company must continue to take care of the existing branches of its OS, which are regularly subject to technical vulnerabilities.
This is precisely what the Mountain View firm just did on February 3, when it published its new monthly security bulletin in which the American company announced that it had corrected 26 bugs. Owners of an Android smartphone (or tablet!) will be able to take advantage of these fixes in the coming weeks or months, as soon as they are made available by device manufacturers.
Compared to previous editions, the February newsletter is more modest: there are only 26 breaches, ten to fifteen fewer than in the last three months. The majority of these vulnerabilities are considered serious (23 of them). Only one has a moderate level of criticality and the remaining two reach the maximum level of severity.
Among the smartphones that will benefit from this patch is the Pixel 4, the latest addition to the range. // Source: Louise Audry for Numerama
Exploited by a malicious third party, these software malfunctions can lead to a range of risks, from breaching data confidentiality to remote malicious code triggering, denial of service, which interferes with the proper functioning of the smartphone, and privilege escalation, which allows an attacker to enter normally protected areas of the system.
It should be noted that 10 of these 26 vulnerabilities concern components supplied by Qualcomm, a leading U.S. OEM in the smartphone market. The seriousness of these flaws is directly assessed by the American company, unlike the others, which are diagnosed by Google, since they directly concern the Android operating system.
Nearly half of the vulnerabilities involve Qualcomm components
This assessment is based on “the effect that exploiting the vulnerability could have” on a smartphone, explains Google. The company also considers the presence or absence of mitigation measures, if they have been deactivated or circumvented. Other parameters also include the vector of the attack, its complexity, the need for privileges or a specific action by the victim.
As always, the industrial partners using Android were notified well in advance – about a month before the publication of this report – so that they have enough time to take all the necessary measures. But manufacturers are moving forward in a piecemeal fashion: some will issue a security update quickly, others will take longer.
The details of the bulletin can be consulted at this address.