Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Google Patches Over 50 Serious Vulnerabilities in Android

Google on Monday announced the availability of new security patches for Android, aimed at addressing more than 50 vulnerabilities in the mobile operating system.

The most severe of the security flaws described in the October 2021 Security Bulletin is an issue in the Android System component that could be exploited to achieve remote code execution.

Google on Monday announced the availability of new security patches for Android, aimed at addressing more than 50 vulnerabilities in the mobile operating system.

The most severe of the security flaws described in the October 2021 Security Bulletin is an issue in the Android System component that could be exploited to achieve remote code execution.

Only 10 vulnerabilities were resolved with the 2021-10-01 security patch level, the first part of this month’s update.

These include high-severity issues in Android runtime (an elevation of privilege bug), Framework (three elevation of privilege, two information disclosure and one denial of service issue), Media Framework (one elevation of privilege) and System (an information disclosure).

The second part of the software update, which will roll out to devices as the 2021-10-05 security patch level, addresses 41 vulnerabilities, 3 of which carry a severity rating of critical.

According to Google, the most severe of these is a remote code execution flaw in the System component. Tracked as CVE-2021-0870, the issue impacts Android 8.1, 9, 10, and 11.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” Google notes in its advisory.

The remaining 40 issues affect Kernel components (3 elevation of privilege and 2 information disclosure, all high-severity), Telecommunication (1 high-severity information disclosure), Qualcomm components (2 critical and 11 high-severity) and Qualcomm closed-source components (21 high-severity flaws).

Advertisement. Scroll to continue reading.

In addition to patches for these vulnerabilities, Google’s Pixel devices receive fixes for 20 other vulnerabilities, the company explains in its monthly Pixel Security Bulletin.

The October 2021 update for Pixel devices resolves 14 issues in Kernel components (11 elevation of privilege and 3 information disclosure), 2 bugs in Pixel (information disclosure and elevation of privilege), and 4 security errors in Qualcomm components.

Related: Google Android Security Update Patches 40 Vulnerabilities

Related: Google Patches High-Risk Android Security Flaws

Related: Google Details New Privacy and Security Policies for Android Apps

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.