SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks.

The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises.

The most important of these is a bug in the Media Framework that could lead to elevation of privilege on Android 8.1 and 9 devices, or to information disclosure on Android 10 and 11. The issue is tracked as CVE-2021-0519.

“The most severe of these issues is a high security vulnerability in the Media Framework component that could enable a local malicious application to bypass operating system protections that isolate application data from other applications,” according to a Google advisory.

The 2021-08-01 security patch level also includes fixes for three high-severity elevation of privilege flaws in Framework, and a pair of elevation of privilege and three information disclosure bugs in System. All five are rated high severity.

The second part of this month’s security update, the 2021-08-05 security patch level, brings fixes for a total of 24 vulnerabilities affecting Kernel components, MediaTek components, Widevine DRM, Qualcomm components, and Qualcomm closed-source components.

The most severe of these issues is a use-after-free that may allow an attacker to execute arbitrary code with kernel privileges.

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In addition to the vulnerabilities resolved with the August 2021 Android Security Bulletin, Google also fixed three medium-severity bugs specific to Google devices. These include an elevation of privilege in the Pixel component, and two other unspecified vulnerabilities in Qualcomm closed-source components.

All of these issues are fixed on Pixel devices running a patch level of 2021-08-05, Google notes.
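For fleet owners, the two patch levels described above mean a device reporting 2021-08-01 still lacks the kernel and vendor fixes. The following is an added example, not code from the article or from Google: it maps a reported patch level to the component groups named above that remain unfixed. It assumes a later patch level includes all earlier ones; the inventory and device names are constructed.

```python
import re
from datetime import date

# Patch levels and component groups as listed in the article above.
LEVELS = [
    (date(2021, 8, 1), ["Media Framework", "Framework", "System"]),
    (date(2021, 8, 5), ["Kernel components", "MediaTek components", "Widevine DRM",
                        "Qualcomm components", "Qualcomm closed-source components"]),
]
_SPL = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")

def parse_spl(value):
    """Parse a YYYY-MM-DD security patch level; return None if malformed."""
    m = _SPL.match(value.strip())
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # well-formed string but not a real date, e.g. 2021-13-40
        return None

def unpatched_components(spl):
    """Component groups from the August 2021 bulletin still unfixed at this level."""
    level = parse_spl(spl)
    if level is None:
        # Unknown level: report every group as unfixed rather than assume coverage.
        return [c for _, comps in LEVELS for c in comps]
    return [c for cutoff, comps in LEVELS if level < cutoff for c in comps]

def audit(inventory):
    """Map device id -> list of still-exposed component groups (empty = covered)."""
    return {dev: unpatched_components(spl) for dev, spl in inventory}

# Constructed sample inventory (device names are hypothetical). Each value is what
# `adb shell getprop ro.build.version.security_patch` would report for that device.
SAMPLE = [
    ("pixel-a", "2021-08-05"),
    ("tablet-b", "2021-08-01"),
    ("phone-c", "2021-07-05"),
    ("kiosk-d", ""),
]

if __name__ == "__main__":
    for dev, missing in audit(SAMPLE).items():
        print(dev, "OK" if not missing else "missing fixes for: " + ", ".join(missing))
```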

Related: Android Updates for July 2021 Patch Tens of High-Severity Vulnerabilities

Related: Critical Vulnerabilities Patched in Android With June 2021 Security Updates

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
