Google and Qualcomm both addressed significant vulnerabilities in their June updates.

Google has addressed two critical flaws in its latest monthly Android update that enable remote code execution (RCE) on Android mobile devices.

The critical bugs (CVE-2020-0117 and CVE-2020-8597) exist in the Android System area, and would allow a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process. They affect Android versions 8 to Android 10.

“Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of a privileged process,” according to a related advisory from the Multi-State Information Sharing and Analysis Center (MS-ISAC), sent via email. “These vulnerabilities could be exploited through multiple methods such as email, web browsing and MMS when processing media files.”

#mobile security #vulnerabilities #android #google #june 2020 #mobile phones #patches #qualcomm #rce #remote code execution #security bulletin #updates