Android Operating System Updates Released by Google Patch a Total of 42 Vulnerabilities

Android

Google’s Android operating system updates for May 2021 address a total of 42 vulnerabilities, four of which are deemed critical severity.

Three critical vulnerabilities in the System component were found as part of the 2021-05-01 security patch level, and all three could be exploited remotely to execute arbitrary code on a compromised computer.

“The most serious of these issues is a critical security vulnerability in the System component that could enable a remote attacker to execute arbitrary code in the context of a privileged process using a specially designed file,” Google explains.

Two of the bugs, CVE-2021-0473 and CVE-2021-0474, affect Android 8.1, 9, 10, and 11, while the third, CVE-2021-0475, only affects Android 10 and 11.

In addition to these crucial flaws, Android System has been patched for five other high-severity flaws. Three of these could lead to privilege advancement, while the other two could be used to leak information.

Three high-severity elevation of privilege vulnerabilities in the framework component and two high-severity issues (one elevation of privilege and one information disclosure) in the media framework component are also fixed in the 2021-05-01 security patch standard.

The 2021-05-05 security patch stage, the second part of this month’s security update, addresses 29 vulnerabilities in Android components such as the framework, kernel, AMLogic, ARM, MediaTek, Unisoc, Qualcomm, and Qualcomm closed-source.

The most serious of these flaws is CVE-2021-0467, a critical weakness in AMLogic BootROM that could enable an attacker to execute arbitrary code even before a data signature is performed.

Twenty-seven of the remaining 28 vulnerabilities fixed by the 2021-05-05 security patch level have been assigned a high severity rating, while the last one is rated medium.

Google also released details on the security fixes that fix vulnerabilities unique to Pixel devices on May 3, disclosing a total of seven moderate-severity bugs.

Three of these have an impact on kernel components, one has an impact on Qualcomm components, and the remaining three have an impact on Qualcomm closed-source components.

Many of these bugs, as well as those fixed in this month’s Android updates, are patched on Pixel devices running a security patch level of 2021-05-05 or later.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.