Google’s Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.
Google has fixed two critical bugs affecting its Android handsets. The more severe flaw exists in the Android System component and allows remote attackers to execute arbitrary code.
The two critical vulnerabilities are part of Google’s January Android security bulletin, released Monday. The security update addressed 43 bugs overall for the Android operating system. As part of this, Qualcomm, whose chips are used in Android devices, patched a mix of high- and critical-severity vulnerabilities tied to 15 bugs.
The critical-severity flaws include a remote-code-execution flaw in Google’s Android System component (CVE-2021-0316), the core of the Android operating system.
Another flaw, rated critical, is a denial-of-service issue (CVE-2021-0313) in the Android Framework component, which is a set of APIs (consisting of system tools and user interface design tools) that allow developers to quickly and easily write apps for Android phones.
“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” according to Google. Both critical flaws are fixed in Android versions 8.0, 8.1, 9, 10 and 11.
Beyond these critical-severity issues, Google fixed a tangle of 13 high-severity flaws in its Framework. This included eight elevation-of-privilege issues (CVE-2021-0303, CVE-2021-0306, CVE-2021-0307, CVE-2021-0310, CVE-2021-0315, CVE-2021-0317, CVE-2021-0318, CVE-2021-0319), four information-disclosure glitches (CVE-2021-0304, CVE-2021-0309, CVE-2021-0321, CVE-2021-0322) and one DoS flaw (CVE-2019-9376).
Three high-severity bugs were found in Media Framework (which offers support for playing a variety of common media types, so users can easily utilize audio, video and images). These include an RCE flaw tied to CVE-2016-6328, and two information-disclosure flaws tied to CVE-2021-0311 and CVE-2021-0312.
Google also rolled out patches for flaws in various third-party components in its Android ecosystem. This included three high-severity flaws in the kernel (CVE-2020-10732, CVE-2020-10766, CVE-2021-0323), which could enable a local malicious application to bypass operating system protections that isolate application data from other applications. A high-severity vulnerability (CVE-2021-0301) was also fixed in the MediaTek component.
Finally, 15 critical and high-severity flaws were addressed in Qualcomm components, including ones affecting the kernel (CVE-2020-11233), display (CVE-2020-11239, CVE-2020-11261, CVE-2020-11262), camera (CVE-2020-11240) and audio components (CVE-2020-11250).
The fixes come after a hefty December Android security update, where Google patched 10 critical bugs, including one tied to the Android media framework component that could give attackers remote control of vulnerable handsets.