The first part of the update, the security patch level 2020-11-01 addresses a total of 17 vulnerabilities in Android runtime, Framework, Media Framework and System components.
According to the company, the most serious vulnerability is CVE-2020-0449. It is a critical vulnerability in the System that could be used to execute code remotely. Issue security affects versions Android 8.0, 8.1, 9, 10 and 11.
The System was the Android component that received the most fixes (7) this month. The other vulnerabilities (beyond the critical one) have been described as very serious: one vulnerability to gain more privileges, four that allow disclosure information and a denial of service bug.
The Framework is the second component that is significantly affected. Six vulnerabilities have been fixed: two critical issues that allow denial of service attacks and four serious vulnerabilities that also allow denial of service but also the acquisition of privileges and the disclosure of information.
With the November updates, a vulnerability in Android runtime, which is very serious and allows the attacker to gain more privileges in the vulnerable system and three in the Media Framework.
The second security patch level 2020-11-05, corrects others 13 vulnerabilities.
Google has located three major errors in MediaTek components and ten in Qualcomm closed-source components (one critical and nine serious).
This week, Google also announced the availability of a separate set updates for Pixel devices. These updates contain fixes for four bugs in Qualcomm and Qualcomm closed-source components. In this case, the issues security is of moderate severity.