Today we’re taking a peek at the July 2020 security bulletin for Android released by Google this morning. This update includes both Android and Google service mitigation, July 1, 2020 security patch level vulnerability details, and July 5, security patch level vulnerability details with Broadcom, MediaTek, and Qualcomm components.
Security vulnerabilities this month include a couple of very serious items, both with patches that fix the issue in a jiffy. The most severe vulnerability in the July 1, 2020 update allowed a local malicious application to bypass user interaction requirements in order to gain access to additional permissions. That means the user wouldn’t even need to OK access before a malicious app could gain deep access to your phone – but provided you fix it, you’ve got nothing to worry about.
A media framework vulnerability included a remote attacker using a specifically crafted file to execute arbitrary code within the context of a privileged process. That, too, is fixed with AOSP versions 8.0, 8.1, 9, and 10. If you’re looking for OTA files for your Pixel device to fix these vulnerabilities immediately, you can do so through this Android source page.
If you do not know if you have these patches yet, you’ll want to check and update your Android version. If you have a Pixel device purchased from the Google store, you might have an update right this minute. Security updates should continue to arrive for your phone for at least 3 years from the time the device first became available – assuming it’s a Pixel.
Each Android device has a different guarantee for security updates and Android OS updates, depending on your device’s manufacturer. You might also have delays in updates if you’ve purchased a device through a mobile data carrier that’s not on-the-ball when it comes to working with your device’s manufacturer.