CVE-2020-0070 : What You Need to Know
Learn about CVE-2020-0070, a critical Android vulnerability allowing remote code execution over NFC without user interaction. Find mitigation steps and preventive measures here.
A critical vulnerability in Android that could lead to remote code execution over NFC with no user interaction needed.
Understanding CVE-2020-0070
What is CVE-2020-0070?
In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc in Android, a missing bounds check may result in out of bounds write, enabling remote code execution over NFC without additional privileges.
The Impact of CVE-2020-0070
This vulnerability can lead to remote code execution over NFC, posing a significant security risk.
Technical Details of CVE-2020-0070
Vulnerability Description
The issue arises in rw_t2t_update_lock_attributes of rw_t2t_ndef.cc due to a missing bounds check, potentially allowing out of bounds write.
Affected Systems and Versions
- Product: Android
- Versions Affected: Android-8.0, Android-8.1, Android-9, Android-10
Exploitation Mechanism
The vulnerability could be exploited remotely over NFC without the need for any additional execution privileges.
Mitigation and Prevention
Immediate Steps to Take
- Implement patches provided by the vendor immediately.
- Avoid interacting with untrusted NFC sources.
Long-Term Security Practices
- Regularly update the device's operating system and applications.
- Use NFC services cautiously and only with trusted sources.
Patching and Updates
- Stay informed about security bulletins and updates from the vendor to patch any vulnerabilities promptly.