Patchday Android: System vulnerability allows malicious code to pass

There are important security updates for Android smartphones and tablets. Some gaps are classified as critical.

 Patchday Android: System vulnerability allows malicious code to pass

To keep attackers away from Android devices, ensure that the software is up to date. Unfortunately, due to the lack of security patches, this is still not possible on all devices. In addition to Google, LG and Samsung, some manufacturers offer monthly updates for certain smartphones and tablets (see box on the right).

Anyone who owns a Google device that is still supported should make sure in the settings that the patch level 2022-07-01 or 2022-07-05 is installed. Support for the Pixel 4 and Pixel 4 XL series will end in October 2022. From then on, the devices will no longer receive security patches.

Malicious code attacks

On patch day in July, Google secured Android 10, 11, 12 and 12L against possible attacks. As can be seen from a warning message, a malicious code vulnerability in the system is considered to be the most dangerous. Attackers should be able to start here without further rights. What attacks could look like in detail is not clear from the article. Two of the system vulnerabilities (CVE-2022-20222, CVE-2022-20229) are classified as “critical“.

More than others with a threat level of “high” vulnerabilities could allow attackers to acquire higher user rights or leak information. Other vulnerabilities affect Framework, Imagination Technologies, Kernel, MediaTek, Qualcomm and Unisoc components. At these points, attackers could use methods that are not described in detail, such as Bluetooth and the kernel. The effects of the attacks are not carried out.

Extra update

In Google’s Pixel series, the developers have found an additional vulnerability (CVE-2022-35133 “moderate“) closed.

Rate article
Leave a Reply