Google this week announced the January 2021 security updates for Android devices, which address 42 vulnerabilities, including four rated critical severity.
Addressed as part of the 2021-01-01 security patch level and tracked as CVE-2021-0316, the most important of these flaws is a critical security bug in System that could be exploited to achieve code execution remotely.
An attacker looking to exploit the vulnerability would need to use a specially crafted transmission. Successful exploitation could lead to the execution of code within the context of a privileged process.
Three other vulnerabilities addressed in Android’s System component this month feature a severity rating of high. These include two elevation of privilege issues and one information disclosure bug.
The 2021-01-01 security patch level also fixes fifteen vulnerabilities in Framework, including a critical denial of service (DoS) flaw, eight high-severity elevation of privilege bugs, four high-severity information disclosure issues, one high-severity DoS flaw, and one medium-severity remote code execution vulnerability.
All of the three security flaws patched in Android’s Media Framework component this month feature a severity rating of high: one remote code execution and two information disclosure issues.
The second part of the Android security updates for January 2021 addresses a total of 19 vulnerabilities in Kernel (three high-severity flaws), MediaTek (one high-severity issue), and Qualcomm components (six high-severity bugs).
Patches for nine flaws in Qualcomm closed-source components were also included in this month’s set of updates (two critical and seven high-severity vulnerabilities).
All of these issues, as well as vulnerabilities patched with previous Android security updates, are resolved on devices running a security patch level of 2021-01-05 or later.
On Pixel devices, a security patch level of 2021-01-05 also addresses four other vulnerabilities: a high-severity elevation of privilege in Framework and a moderate one in Kernel components, along with a moderate flaw in Qualcomm components and another in Qualcomm closed-source components.
Related: December 2020 Android Updates Patch 46 Vulnerabilities
Related: Google Patches 30 Vulnerabilities With November 2020 Android Updates
Related: Android’s October 2020 Security Update Patches 48 Vulnerabilities
Related: Google Announces Android Partner Vulnerability Initiative