A total of 25 vulnerabilities were fixed with Android’s February 2020 security updates, and the most important of them are two critical severity issues is System.
One of these is CVE-2020-0022, a bug impacting the Bluetooth component, and which can be exploited by an attacker to run arbitrary code on vulnerable devices, remotely.
An attacker within proximity can exploit the flaw for silent code execution with the privileges of the Bluetooth daemon. While no user interaction is required for the attack to be successful, the adversary needs to know the target device’s Bluetooth MAC address and Bluetooth has to be enabled.
