Google Warns of 44 Critical Vulnerabilities in Android


Google has warned through the monthly Android Security Bulletin of multiple critical vulnerabilities in the operating system that could allow an attacker to take over devices remotely. In total, 44 vulnerabilities in Android have been fixed this month.

Two vulnerabilities in the Android Media Framework and System have been identified as critical by Google. These vulnerabilities allow an attacker to execute arbitrary code in the context of a privilege escalation process via a specially prepared file or transmission. Further details about the attack vector or vulnerability have not been provided by Google.

In addition to vulnerabilities in its own Android code, Google also resolves vulnerabilities in parts of chipset manufacturers that Android uses with the monthly pattern order. This concerns companies such as Broadcom, MediaTek and Qualcomm. This month, three vulnerabilities in Qualcomm's software have been patched that have been rated critical.

The vulnerabilities ( CVE-2020-11272 , CVE-2020-11163 and CVE-2020-11170 ) are in the WiFi code, data modem, and audio playback code. The three leaks were rated on a scale of 1 to 10 in severity, each with a 9.8 and are remotely exploitable, according to Qualcomm's explanation.

Patch level

Google works with so-called patch levels, where a date indicates the patch level. Devices that receive the February updates will have '2021-02-01' or '2021-02-05' as the patch level. Manufacturers who want their devices to have this patch level must in this case add all updates from the February Android bulletin to their own updates, and then roll them out to their users. The updates have been made available for Android 8.1, 9, 10 and 11.

However, that does not mean that all Android devices will receive these updates. Some devices are no longer supported with updates from the manufacturer or the manufacturer releases the updates at a later time.

Previous Post Next Post