Google Pushed Out a Security-Themed Android Update

Google

Google released an Android security update this week, fixing more than 30 security holes that expose mobile users to a variety of harmful hacker attacks.

The most recent Android version documents 33 security flaws, some of which are significant enough to result in privilege escalation or information disclosure issues.

The most serious of them is a flaw in the Media framework that might result in privilege elevation on Android 8.1 and 9 devices, as well as information leakage on Android 10 and 11. The vulnerability is identified as CVE-2021-0519.

According to a Google caution, “the most serious of these issues is a high security vulnerability in the Media Framework component that might enable a local malicious app to escape operating system protections that isolate application data from other apps.”

Fixes for three high severity elevation of privilege problems in Framework, as well as two elevation of privilege and three information disclosure bugs in System, are included in the 2021-08-01 security patch level. All five have a high severity rating.

The 2021-08-05 security patch level is the second portion of this month’s security update, and it fixes a total of 24 vulnerabilities in Kernel components, MediaTek components, Widevine DRM, Qualcomm components, and Qualcomm closed-source components.

The most serious of these flaws is a use after free vulnerability, which might allow an attacker to run arbitrary code with kernel privileges.

The most serious of these flaws could allow remote code execution within the context of a privileged process if they are successfully exploited. An attacker might then install applications, read, alter, or remove data, or create new accounts with full user access, depending on the privileges associated with this application.

Google also repaired three medium-severity problems particular to Google devices, in addition to the vulnerabilities addressed in the August 2021 Android Security Bulletin. An elevation of privilege vulnerability in the Pixel component, as well as two other undisclosed vulnerabilities in Qualcomm closed-source components, are among them.

According to Google, all of these issues are resolved on Pixel smartphones running patch level 2021-08-05.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.