Google has fixed a lot of dangerous and critical flaws in Android
This week, Google released its February patch set for the Android mobile operating system. This month, developers have fixed 40 vulnerabilities, most of which could lead to elevation of privilege on the system. The most serious security issue this time was a critical flaw in the Media Framework. If the bug is exploited, an attacker could execute arbitrary code on the vulnerable device; this would require sending a specially crafted file to the victim.
This vulnerability received the identifier CVE-2021-0325; it is rated critical for Android 8.1 and 9. For the more recent releases, Android 10 and 11, the flaw is also relevant, but there it loses its critical status and becomes simply dangerous, Google explains.
This month, the developers have fixed two more vulnerabilities affecting the Media Framework: CVE-2021-0332 and CVE-2021-0335. They were given a high severity rating because they allow privilege escalation (CVE-2021-0332) and lead to information disclosure (CVE-2021-0335). In addition, Google has fixed a flaw in the Android runtime that also led to information disclosure. Nine more vulnerabilities found in the Framework allowed elevation of privilege, and one allowed denial of service (DoS). These flaws have received high severity status.
A total of six vulnerabilities were fixed in the System component, one of which, a critical one, allowed remote code execution. Recently, Google developers described their plans for fighting Android vulnerabilities. According to the experts, attention should be paid first of all to memory corruption problems.
Source: anti-malware.ru
04 February 2021