Hacking Android 10 phones with Remote code execution zero-day vulnerabilities

Cyber security consulting specialists have discovered multiple vulnerabilities in Google’s Android operating system. According to the report, the most serious of these flaws could allow remote code execution. Android is an operating system developed by Google for mobile devices such as smartphones, tablets, watches, among others.

Successful exploitation of the most serious of these failures could allow threat actors to execute remote code in the context of a privileged process. Depending on the privileges associated with the target application, the hacker could install programs, view, and change or delete data or even create new accounts with full user rights.

Vulnerabilities are present in the operating system with security patches issued before May 5, cyber security consulting specialists mention. At the moment there are no known cases of exploitation of this failure in real-world scenarios.

Below is a list of vulnerabilities found with their respective keys for the Common Vulnerability Scoring System (CVSS).

  • CVE-2020-0096: Vulnerability in Framework that could allow a privilege escalation attack
  • CVE-2020-0094: A vulnerability in Android Media Framework that could allow escalation of privileges on the system
  • CVE-2020-0093: Android Media Vulnerability That Can Lead to a Sensitive Information Disclosure Scenario
  • CVE-2020-0024: A critical operating system failure that could allow for a privilege escalation
  • CVE-2020-0103: A vulnerability in the system that could allow remote code execution
  • CVE-2020-0092: A vulnerabilities in the system that could lead to an information disclosure scenario
  • CVE-2020-0110: A vulnerability in Google Play system updates that could allow Escalation of Privileges
  • CVE-2019-19536: A vulnerability in Google Play system updates that could allow information disclosure
  • CVE-2020-0110: A vulnerability in kernel components that could allow privilege escalation
  • CVE-2019-19536: A vulnerability in kernel components that could allow information disclosure
  • CVE-2020-0065: Vulnerability in MediaTek components that could allow disclosure of confidential information

As a prevention measure, cyber security consulting experts recommend deploying Android updates. Download only apps from trusted sources and the use of secure websites are also good mobile security measures.

For further reports on vulnerabilities, exploits, malware variants and computer security risks you can access the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.