Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Google Patches Critical Code Execution Vulnerability in Android

The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.

The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.

Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity. The bug was patched as part of the 2021-04-01 security patch level.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google explains in its advisory.

Five other vulnerabilities were addressed in the System component: three elevation of privilege and two information disclosure issues. All of these feature a severity rating of high.

The 2021-04-01 security patch level also brings patches for 12 other high-severity vulnerabilities: nine in the Framework component (seven elevation of privilege and two information disclosure bugs), and three in the Media framework (one elevation of privilege and two information disclosure issues).

The second part of this month’s set of patches, which arrives on devices as the 2021-04-05 security patch level, includes fixes for 18 vulnerabilities, in System (two high-severity bugs), Kernel components (two high-severity flaws), MediaTek components (one high-severity issue), Qualcomm components (one high-severity bug), and Qualcomm closed-source components (one critical and 11 high-severity vulnerabilities).

This week, Google also announced new security patches for Pixel devices, which include fixes for three vulnerabilities in Framework (two elevation of privilege flaws) and Qualcomm components. All three feature severity ratings of moderate.

Devices running a security patch level of 2021-04-05 or later have fixes for all of the issues associated with this security patch level, as well as with previous patch levels. On Pixel devices, a security patch level of 2021-04-05 addresses all vulnerabilities in the April 2021 and previous Pixel security bulletins as well.

Advertisement. Scroll to continue reading.

Related: Recently Patched Android Vulnerability Exploited in Attacks

Related: Google Patches Critical Remote Code Execution Vulnerability in Android

Related: Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

The City of Phoenix has promoted Mitch Kohlbecker to the role of Chief Information Security Officer.

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.