Google on Monday announced the availability of new security patches for Android, aimed at addressing more than 50 vulnerabilities in the mobile operating system.
The most severe of the security flaws described in the October 2021 Security Bulletin is an issue in the Android System component that could be exploited to achieve remote code execution.
Only 10 vulnerabilities were resolved with the 2021-10-01 security patch level, the first part of this month’s update.
These include high-severity issues in Android runtime (an elevation of privilege bug), Framework (three elevation of privilege, two information disclosure and one denial of service issue), Media Framework (one elevation of privilege) and System (an information disclosure).
The second part of the software update, which will roll out to devices as the 2021-10-05 security patch level, addresses 41 vulnerabilities, 3 of which carry a severity rating of critical.
According to Google, the most severe of these is a remote code execution flaw in the System component. Tracked as CVE-2021-0870, the issue impacts Android 8.1, 9, 10, and 11.
“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” Google notes in its advisory.
The remaining 40 issues affect Kernel components (3 elevation of privilege and 2 information disclosure, all high-severity), Telecommunication (1 high-severity information disclosure), Qualcomm components (2 critical and 11 high-severity) and Qualcomm closed-source components (21 high-severity flaws).
In addition to patches for these vulnerabilities, Google’s Pixel devices receive fixes for 20 other vulnerabilities, the company explains in its monthly Pixel Security Bulletin.
The October 2021 update for Pixel devices resolves 14 issues in Kernel components (11 elevation of privilege and 3 information disclosure), 2 bugs in Pixel (information disclosure and elevation of privilege), and 4 security errors in Qualcomm components.