Google has pushed out a new update for Android devices that fixes more than 30 security flaws that would expose mobile users to a range of malicious attacks. The most important bug that was fixed is tracked as CVE-20121-0519 and was a bug in the media framework that could lead to the elevation of privileges on Android 8.1 and 9 devices or information disclosure on Android 10 and 11. This bug could enable a local malicious application to bypass operating system protections that isolate application data from other applications. Three more of the issues fixed were high severity privilege escalation flaws. Another 24 vulnerabilities affected Kernel components, MediaTek components, Widevine DRM, Qualcomm components, and Qualcomm closed-source components. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.
Analyst Notes
All of these issues were addressed in the Android Security Bulletin for August 2021. Since patches were released by Google for all of these issues, those should be tested and implemented if possible. Often threat actors will target old vulnerabilities with the hope that people did not update their devices and they can gain access. If companies provide Android devices to their employees for work, they should ensure that anyone with one of the devices has these updates installed.
More can be read here: https://www.securityweek.com/google-patches-high-risk-android-security-flaws?&web_view=true
