Google Patches High-Risk Android Security Flaws


Google this week shoved out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker censures.

The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises.

The most leading of these is a bug in the Media framework that could lead to elevation of privilege on Android 8.1 and 9 devices, or information disclosure, on Android 10 and 11. The problem is tracked as CVE-2021-0519.

“The most severe of these issues is a high security vulnerability in the Media Framework component that could assign a local malicious application to bypass operating system protections that isolate application data from other applications,” according to a Google admonition.

The 2021-08-01 security patch level also includes fixes for three high severity elevation of privilege flaws in Framework, and a pair of advance of privilege and three information disclosure bugs in System. All five are rated high severity.

The second part of this month’s security update, the 2021-08-05 gage patch level, brings fixes for a total of 24 vulnerabilities affecting Kernel components, MediaTek components, Widevine DRM, Qualcomm components, and Qualcomm closed-source components.

The uncountable severe of these issues is a use after free that may allow an attacker to execute arbitrary code with kernel privileges.

Successful exploitation of the most unyielding of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this attentiveness stick-to-it-iveness, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In above moreover to the vulnerabilities resolved with the August 2021 Android Security Bulletin, Google also fixed three medium-severity bugs specific to Google desires. These include an elevation of privilege in the Pixel component, and two other unspecified vulnerabilities in Qualcomm closed-source components.

All of these issues are fixed on Pixel gimmicks running a patch level of 2021-08-05, Google notes.

Related: Android Updates for July 2021 Patch Tens of High-Severity Vulnerabilities

Akin: Critical Vulnerabilities Patched in Android With June 2021 Security Updates

[embedded content]

Google Patches High-Risk Android Security Flaws

Ionut Arghire is an international correspondent for SecurityWeek.

Sometime Columns by Ionut Arghire:
Google Patches High-Risk Android Security FlawsTags:

Leave a Reply

Your email address will not be published. Required fields are marked *