Google’s June security bulletin addresses 90+ bugs in Android and Pixel products.
Google patched more than 90 security vulnerabilities in its Android operating system impacting its Pixel devices and third-party Android handsets, including a critical remote code-execution bug that could allow an attacker to commandeer a targeted vulnerable mobile device.
That bug (CVE-2021-0507) exists in the System component of the Android OS, and could allow a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process, according to Google’s June security bulletin. It’s the most severe bug of those patched so far this June, the company said.
The Android System component of the OS also has a second critical vulnerability, an elevation-of-privilege (EoP) issue tracked as CVE-2021-0516. Further details were not provided on that flaw. Typically, Google does not release the technical details of patched vulnerabilities until an overwhelming majority of vulnerable handsets receive the fixes.
Google also addressed several high-severity EoP issues in other components within the OS, including one in Android runtime (CVE-2021-0511) that could enable a local attacker to execute arbitrary code and bypass user interaction requirements in order to gain access to additional permissions.
Media Framework meanwhile has four EoP issues (CVE-2021-0508, CVE-2021-0509, CVE-2021-0510, CVE-2021-0520), the most severe of which could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.
Two more high-severity EoP issues (CVE-2020-14305, CVE-2021-0512) exist in the upstream kernel as well, the most severe of which could lead to local escalation of privilege with no additional execution privileges needed.
The internet giant also addressed several high-severity information-disclosure issues for Android, such as one in Framework (CVE-2021-0521) that could lead to local information disclosure of cross-user permissions with no additional execution privileges needed.
Pixel Device Fixes
The bugs in Google’s Pixel devices are mostly rated moderate in severity, including a pair of denial-of-service (DoS) problems in Android runtime (CVE-2020-1971 and CVE-2021-0555), and an RCE issue in Media Framework (CVE-2021-0557).
In all, Pixel has 43 security holes, affecting Android runtime, Framework, Media Framework, System, kernel components and Pixel components (Knowles IAXXX adnc driver and Pixel Launcher).
Only four of them are high-severity. These are: two EoP issues in Pixel components (CVE-2021-0607 and CVE-2021-0608), an EoP issue in Media Framework (CVE-2021-0565) and another EoP bug in Framework (CVE-2021-0571).
Google did not release additional details on any of the flaws. The security patch level of 2021-06-05 or later resolves all issues.
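To check a fleet against that patch level, the following shell sketch (an added example, not part of the original article or Google's bulletin) classifies each device's reported level against 2021-06-05 and treats missing or malformed values as unknown rather than patched. The inventory lines, serials and model names are constructed, and the function names are hypothetical; the live lookup assumes `adb` is on the PATH and reads the standard `ro.build.version.security_patch` property.

```shell
#!/bin/sh
# Added example: flag devices below the patch level the article says
# resolves all issues. Function names are illustrative, not from the article.
REQUIRED_LEVEL="2021-06-05"

# Print "patched", "vulnerable" or "unknown" for one patch-level string.
classify_patch_level() {
    case $1 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;   # empty or malformed: never assume patched
    esac
    # YYYY-MM-DD with the dashes removed compares correctly as an integer.
    have=$(printf '%s' "$1" | sed 's/-//g')
    need=$(printf '%s' "$REQUIRED_LEVEL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then echo patched; else echo vulnerable; fi
}

# Read a connected device's level over adb (not called below; needs a device).
device_patch_level() {
    adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r'
}

# Read "serial model level" lines on stdin; print every device not patched.
audit_inventory() {
    while read -r serial model level; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = patched ] || echo "$serial $model ${level:-none} $status"
    done
}

# Constructed sample inventory (serials and models are made up).
sample_inventory() {
    cat <<'EOF'
SERIAL0001 pixel-5 2021-06-05
SERIAL0002 pixel-4a 2021-06-01
SERIAL0003 vendor-x 2021-05-05
SERIAL0004 vendor-y
SERIAL0005 pixel-3 2021-07-05
EOF
}

sample_inventory | audit_inventory
```

A device reporting 2021-06-01 is flagged because it sorts below the 2021-06-05 level the article names.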