Google this week announced the January 2021 security updates for Android devices, which address 42 vulnerabilities, including four rated critical severity.
Addressed as part of the 2021-01-01 security patch level and tracked as CVE-2021-0316, the most important of these flaws is a critical security bug in System that could be exploited to achieve code execution remotely.
An attacker looking to exploit the vulnerability would need to use a specially crafted transmission. Successful exploitation could lead to the execution of code within the context of a privileged process.
Three other vulnerabilities addressed in Android’s System component this month feature a severity rating of high. These include two elevation of privilege issues and one information disclosure bug.
The 2021-01-01 security patch level also fixes fifteen vulnerabilities in Framework, including a critical denial of service (DoS) flaw, eight high-severity elevation of privilege bugs, four high-severity information disclosure issues, one high-severity DoS flaw, and one medium-severity remote code execution vulnerability.
All of the three security flaws patched in Android’s Media Framework component this month feature a severity rating of high: one remote code execution and two information disclosure issues.
The second part of the Android security updates for January 2021 addresses a total of 19 vulnerabilities in Kernel (three high-severity flaws), MediaTek (one high-severity issue), and Qualcomm components (six high-severity bugs).
Patches for nine flaws in Qualcomm closed-source components were also included in this month’s set of updates (two critical and seven high-severity vulnerabilities).
All of these issues, as well as vulnerabilities patched with previous Android security updates, are resolved on devices running a security patch level of 2021-01-05 or later.
On Pixel devices, a security patch level of 2021-01-05 also addresses four other vulnerabilities: a high-severity elevation of privilege in Framework and a moderate one in Kernel components, along with a moderate flaw in Qualcomm components and another in Qualcomm closed-source components.
Related: December 2020 Android Updates Patch 46 Vulnerabilities
Related: Google Patches 30 Vulnerabilities With November 2020 Android Updates
Related: Android’s October 2020 Security Update Patches 48 Vulnerabilities
Related: Google Announces Android Partner Vulnerability Initiative
More from Ionut Arghire
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
- Chrome 111 Update Patches High-Severity Vulnerabilities
Latest News
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
