Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Google Android Security Update Patches 40 Vulnerabilities

Google on Tuesday published the Android Security Bulletin for September 2021 with patches for a total of 40 vulnerabilities, including seven that are rated critical.

Google on Tuesday published the Android Security Bulletin for September 2021 with patches for a total of 40 vulnerabilities, including seven that are rated critical.

A total of 16 issues were patched with the first part of this month’s security updates – the 2021-09-01 security patch level – including one critical issue in the Framework component. Tracked as CVE-2021-0687, the security bug affects Android 8.1, 9, 10, and 11.

“The most severe of these issues is a critical security vulnerability in the Framework component that could enable a remote attacker using a specially crafted file to cause a permanent denial of service,” according to Google’s advisory.

Six other vulnerabilities were patched in the Framework component, all considered high-severity. These include five elevation of privilege flaws and one information disclosure vulnerability.

Google also released patches for two high severity information disclosure issues in Media framework, and seven vulnerabilities in the System component: six high severity (two elevation of privilege and four information disclosure bugs) and one medium severity (elevation of privilege).

[ READ: Microsoft Office Zero-Day Hit in Targeted Attacks ]

This month’s Android patches also include a Google Play system update to address the CVE-2021-0690 vulnerability.

The second part of September 2021’s set of patches arrives on devices as the 2021-09-05 security patch level and includes fixes for a total of 23 vulnerabilities in Kernel components, MediaTek components, Unisoc components, Qualcomm components, and Qualcomm closed-source components.

Advertisement. Scroll to continue reading.

Seven of these security holes, all of them addressed in Qualcomm closed-source components, are rated critical.

Google also announced patches Pixel devices address a total of nine other vulnerabilities, in Kernel, Pixel components, Qualcomm components, and Qualcomm closed-source components.

Pixel devices running a security patch level of 2021-09-05 or later have been patched for all of these issues, as well as for the vulnerabilities in the September 2021 Android Security Bulletin.

Related: Google Patches High-Risk Android Security Flaws

Related: Google Details New Privacy and Security Policies for Android Apps

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...