Google announced on Monday that new Android security updates are now available, fixing more than 50 vulnerabilities in the mobile operating system.
The most serious of the security weaknesses identified in the October 2021 Security Bulletin is a vulnerability in the Android System component that might be used to execute code remotely.
With the 2021-10-01 security patch level, the first portion of this month’s release, only ten vulnerabilities were fixed.
High-severity concerns exist in the Android runtime (one elevation of privilege flaw), Framework (three elevations of privilege, two information disclosure issues, and one denial of service issue), Media Framework (one elevation of privilege issue), and System (one elevation of privilege issue) (an information disclosure).
The second component of the software update, known as the 2021-10-05 security patch level, resolves 41 vulnerabilities, three of which have a critical severity rating.
The most serious of them, according to Google, is a remote code execution issue in the System component. The vulnerability is identified as CVE-2021-0870 and affects Android versions 8.1, 9, 10, and 11.
“The most serious of these concerns is a significant security vulnerability in the System component that might allow a remote attacker to execute arbitrary code within the context of a privileged process using a specially crafted transmission,” Google says in its advisory.
The remaining 40 vulnerabilities affect Kernel components (3 elevations of privilege and 2 information disclosure, all of which are high-severity), Telecommunication (1 high-severity information disclosure), Qualcomm components (2 critical and 11 high-severity), and Qualcomm closed-source components (21 high-severity flaws).
Google’s Pixel devices will receive patches for 20 more vulnerabilities in addition to these, according to the company’s monthly Pixel Security Bulletin.
The October 2021 update for Pixel devices fixes 14 kernel issues (11 elevation of privilege and 3 information disclosure), 2 Pixel bugs (information disclosure and elevation of privilege), and 4 Qualcomm security errors.