CVE-2020-8913 : Security Advisory and Response

Android Play Core prior to version 1.7.2 is affected by a local arbitrary code execution vulnerability in the SplitCompat.install endpoint. Attackers could exploit this to execute code on Android devices.

Understanding CVE-2020-8913

This CVE involves a critical security issue in Android's Play Core Library that allows attackers to execute arbitrary code on targeted Android devices.

What is CVE-2020-8913?

A local arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. Attackers can exploit this to access targeted application data on Android devices.

The Impact of CVE-2020-8913

The vulnerability has a CVSS base score of 8.8 (High severity) and can lead to unauthorized code execution and data access on affected Android devices.

Technical Details of CVE-2020-8913

Android Play Core versions prior to 1.7.2 are susceptible to this vulnerability.

Vulnerability Description

The issue allows attackers to execute code as the targeted application, potentially compromising user data.

Affected Systems and Versions

Platform: Android
Product: Android Play Core
Vendor: Google LLC
Versions Affected: < 1.7.2 (stable)

Exploitation Mechanism

Attackers can create a malicious apk targeting a specific application. When installed by a victim, the attacker can execute code and access the application's data.

Mitigation and Prevention

It is crucial to take immediate steps to address and prevent exploitation of this vulnerability.

Immediate Steps to Take

Update Android Play Core to version 1.7.2 or later to mitigate the risk.

Long-Term Security Practices

Regularly update software and applications to patch known vulnerabilities.
Implement security best practices to protect against code execution exploits.
Educate users on safe installation practices and potential risks.

Patching and Updates

Ensure timely installation of security patches and updates to safeguard against known vulnerabilities.