Two critical bugs that affect Google’s Android devices were fixed. Serious faults are found in the Android System and allow arbitrary code to be executed by remote attackers.
Both critical vulnerabilities are included in the security bulletin for Google’s January Android on Monday. The safety update dealt with 43 bugs for the Android operating systems in general. Qualcomm has patched a mix of critical and serious vulnerabilities linked to 15 bugs, which includes chips used on Android devices.
A remote code implementation default in the Google Android System component (CVE-2021-0316), the core of an Android operating system, is included in critical security flaws.
A second, seriously-rated fault is the service denial problem (CVE-2021-0313) in the Android Frame component, which is a series of APIs that enable developers to write apps for Android phones quickly and easily (composed of the system tools and user interface design tools).
“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” according to Google. Both critical flaws are fixed in Android versions 8.0, 8.1, 9, 10 and 11.
All these faults have been assessed to be highly severely, with remote execution of code (three bugs), privilege increase (five issues) and disclosure of information (one vulnerability).
A total of 27 other security holes, including one for kernel components, four for Qualcomm components, and 22 for closed-source components were covered by a 2021-03-05 safety patch.
The problems were rated to be very serious except for five bugs in the closed-source components of Qualcomm, which are critically serious.
Google also reports a vulnerability in project mainline components in Android Security Bullett March 2021 that affects Wi-Fi. This vulnerability includes the CVE-2021-0390.
This week, Google also announced the release of security patches for 43 Pixel vulnerabilities. Bugs affect Framework (6), media framework (5), system(11), kernel components (19), Qualcomm components (1). (1).
These problems may lead to increased privileges, disclosure of information and denial of service. Eight of the bugs were evaluated with high severity and moderate risk of the remaining 35.