The Android operating system updates released by Google for May 2021 patch a total of 42 vulnerabilities, including four considered critical severity.
Addressed as part of the 2021-05-01 security patch level, three of the critical flaws were identified in the System component and all three could be exploited remotely to execute arbitrary code on a vulnerable device.
“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google explains.
Tracked as CVE-2021-0473 and CVE-2021-0474, two of these bugs affect Android 8.1, 9, 10, and 11 releases, while the third, CVE-2021-0475, impacts Android 10 and 11 only.
In addition to these critical bugs, five other vulnerabilities were addressed in Android System, all rated high severity. Three of these could lead to elevation of privilege, while the remaining two may be exploited for information disclosure.
The 2021-05-01 security patch level also contains fixes for three high-severity elevation of privilege flaws in the framework component and two high-severity issues (one elevation of privilege and one information disclosure) in the media framework component.
The second part of this month’s security update, the 2021-05-05 security patch level, contains fixes for 29 vulnerabilities in Android components such as framework, kernel, AMLogic, ARM, MediaTek, Unisoc, Qualcomm, and Qualcomm closed-source.
The most important of these bugs is CVE-2021-0467, a critical vulnerability in AMLogic BootROM that could allow an attacker to execute arbitrary code at bootROM level, even before data signature is performed.
Of the remaining 28 vulnerabilities addressed with the 2021-05-05 security patch level, 27 have been rated high severity, while the last one is considered medium severity.
On May 3, Google also published information on the security patches that address vulnerabilities specific to Pixel devices, detailing a total of seven such bugs, all moderate severity.
Three of these impact kernel components, one Qualcomm components, and three others affect Qualcomm closed-source components.
Pixel devices running a security patch level of 2021-05-05 or later have patches for all of these flaws, as well as for those addressed with this month’s Android updates.
Related: Google Patches Critical Code Execution Vulnerability in Android
Related: Google Patches Critical Remote Code Execution Vulnerability in Android
Related: Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android
More from Ionut Arghire
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
Latest News
- Google Suspends Chinese Shopping App Amid Security Concerns
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
