Android Updates for May 2021 Patch Over 40 Vulnerabilities

The Android operating system updates released by Google for May 2021 patch a total of 42 vulnerabilities, including four considered critical severity.

Addressed as part of the 2021-05-01 security patch level, three of the critical flaws were identified in the System component and all three could be exploited remotely to execute arbitrary code on a vulnerable device.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google explains.

Tracked as CVE-2021-0473 and CVE-2021-0474, two of these bugs affect Android 8.1, 9, 10, and 11 releases, while the third, CVE-2021-0475, impacts Android 10 and 11 only.

In addition to these critical bugs, five other vulnerabilities were addressed in Android System, all rated high severity. Three of these could lead to elevation of privilege, while the remaining two may be exploited for information disclosure.

The 2021-05-01 security patch level also contains fixes for three high-severity elevation of privilege flaws in the framework component and two high-severity issues (one elevation of privilege and one information disclosure) in the media framework component.

The second part of this month’s security update, the 2021-05-05 security patch level, contains fixes for 29 vulnerabilities in Android components such as framework, kernel, AMLogic, ARM, MediaTek, Unisoc, Qualcomm, and Qualcomm closed-source.

The most important of these bugs is CVE-2021-0467, a critical vulnerability in AMLogic BootROM that could allow an attacker to execute arbitrary code at bootROM level, even before data signature is performed.

Of the remaining 28 vulnerabilities addressed with the 2021-05-05 security patch level, 27 have been rated high severity, while the last one is considered medium severity.

On May 3, Google also published information on the security patches that address vulnerabilities specific to Pixel devices, detailing a total of seven such bugs, all moderate severity.

Three of these impact kernel components, one affects Qualcomm components, and the other three affect Qualcomm closed-source components.

Pixel devices running a security patch level of 2021-05-05 or later have patches for all of these flaws, as well as for those addressed with this month’s Android updates.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
