Google has now released the January security update for Android. It is the first update in 2020 and fixes some serious problems. According to the current Android Security Bulletin, two critical security gaps are closed. Google sent the details of the vulnerabilities to its partners in the previous month as before – Samsung had already launched updates. The new security patch now fixes two vulnerabilities classified as critical, which could be used by a remote attacker to take control of the device and view confidential information or make the device unusable. In addition, numerous security gaps classified as high could be fixed.
The security update is initially available as usual for Google Pixel and Nexus as an over-the-air update.
Google is addressing several known issues and reported bugs with the January patch. These include vulnerabilities in the framework and media framework, which can allow an attacker to execute arbitrary code as part of a privileged process (remote code execution) or to launch a DoS attack. In addition, Google addresses, among other things, classified errors in the kernel and system components, as well as for Qualcomm chips.
No active exploitation
According to Google, there is currently no indication of the active exploitation of the vulnerabilities. However, all current Android versions from 8.0, 8.1, 9.0 and version 10.0 are affected.
In version 2020-01-01 there is the so-called partial security patch level string, which contains the correction for one critical and 6 as high and two as moderate security holes. Version 2020-01-05, the complete Security Patch Level String, contains a long list of other security holes, improvements, and optimizations