Android hardware owners should update their devices for security reasons.
The monthly collective patches close several vulnerabilities in Android 10, 11, 12 and 12L that are classified as “critical“. If attacks are successful, attackers could, in the worst case, execute malicious code and gain full control over smartphones and tablets.
Malicious code vulnerabilities
In a warning message, Google classifies a system vulnerability (CVE 2022-20127 “critical“) as the most dangerous. What an attack could look like in detail is not clear from the article. However, it should be possible to place malicious code without additional execution rights.
If attackers attack other weak points in the system, they can mostly gain higher user rights. These vulnerabilities are classified as high threat level. Further vulnerabilities can be found in the Framework and Media Framework. The vulnerability in the Media Framework (CVE-2022-20130) is considered “critical” and could let malicious code through to devices. These vulnerabilities have been closed with Patch Level 2022-06-01.
Anyone who owns an Android device should make sure in the settings that the mobile operating system is up to date . In addition to Google, LG and Samsung also publish monthly security updates (see box on the right). Unfortunately, this only happens for selected devices.
Patch level 2022-06-05 brings even more security patches for kernel, Qualcomm, MediaTek and Unisoc components With. In an article, Google lists other security updates for its own Pixel devices. Most of the gaps are rated “moderate“. After successful attacks, attackers could be left with increased user rights or access information that is actually isolated.
Support for Pixel 3a and Pixel 3a XL has expired since May 2022. These devices will no longer receive security updates. In October 2022, this will be the case for the Pixel 4 and Pixel 4 XL.