Patchday: Critical System Vulnerability Threatens Multiple Android Versions

Attackers could target Android smartphones and tablets and, in the worst case, execute malicious code. Security updates provide a remedy.


Android versions 8.1, 9, 10 and 11 are vulnerable. On its October patch day, Google closed a number of security holes. Most are classified as "high" threat level.

Critical threats

In a security advisory, Google highlights a system vulnerability classified as "critical" (CVE-2021-0870). Remote attackers are said to be able to execute malicious code in the context of a privileged process by means of a specially crafted transmission.

Two other "critical" vulnerabilities (CVE-2021-11264, CVE-2021-11301) relate to Qualcomm WLAN components. Further details on possible attacks and their effects are currently unknown. Further vulnerabilities in various Qualcomm components have also been closed in the current Android versions.

Even more security vulnerabilities

In addition to the system component, vulnerabilities elsewhere in Android, for example in kernel components and the Media Framework, could serve as a gateway for attackers. After successful attacks, they could access data that is actually isolated or obtain elevated user privileges.

Anyone who owns an Android device should check the security patch level in the settings. If it says 2021-10-01 or 2021-10-05, the current security patches are installed. In addition to Google, LG and Samsung, among others, also deliver monthly updates for certain device series (see box on the right). The source code of the patches is also available in the Android Open Source Project (AOSP) repository.
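For more than one device, the patch-level check described above can be scripted over adb. This is an added example, not part of the original article: the function names are hypothetical, and the "partial" label follows the Android bulletin convention that the -05 level contains the -01 fixes plus the kernel and vendor-component (e.g. Qualcomm) fixes.

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the
# October 2021 levels named in the article.
BASE_LEVEL="2021-10-01"   # framework/system fixes
FULL_LEVEL="2021-10-05"   # additionally kernel and vendor-component fixes

# Convert YYYY-MM-DD to the integer YYYYMMDD; fail on anything else.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | tr -d '-'
}

# Print one of: invalid, outdated, partial, full.
classify_patch_level() {
    level=$(level_to_int "$1") || { echo "invalid"; return 0; }
    base=$(level_to_int "$BASE_LEVEL")
    full=$(level_to_int "$FULL_LEVEL")
    if [ "$level" -lt "$base" ]; then
        echo "outdated"      # October fixes missing
    elif [ "$level" -lt "$full" ]; then
        echo "partial"       # -01 level only
    else
        echo "full"          # -05 level or later
    fi
}

# Query every authorized device attached via adb (requires adb on PATH).
check_connected_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from swallowing the loop's stdin;
        # tr strips the carriage return some adb versions append.
        patch=$(adb -s "$serial" shell getprop ro.build.version.security_patch \
                </dev/null | tr -d '\r')
        printf '%s\t%s\t%s\n' "$serial" "$patch" "$(classify_patch_level "$patch")"
    done
}

# Usage: script --adb        (scan attached devices)
#        script 2021-09-05   (classify levels given as arguments)
if [ "${1:-}" = "--adb" ]; then
    check_connected_devices
else
    for arg in "$@"; do
        printf '%s\t%s\n' "$arg" "$(classify_patch_level "$arg")"
    done
fi
```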

Google's Pixel series devices got some extra security updates this month. Of the 20 vulnerabilities closed, however, only one (CVE-2021-0939) in Titan-M is rated "high".
