Android phones by taking over critical vulnerability remotely

A critical vulnerability in Android makes it possible for attackers to take over devices remotely. Google has since released a security update to fix the problem. A total of 41 vulnerabilities in the operating system were patched during the June patch cycle.

Two vulnerabilities in Android system have been identified as critical by Google. These are CVE-2021-0507 and CVE-2021-0516. Via CVE-2021-0516, an attacker or a rogue app can increase his permissions on the device. However, the most dangerous vulnerability is CVE-2021-0507. A "special transmission" allows an attacker to execute arbitrary code in the context of a privileged process.

Other than the label "remote code execution", Google gives no further details. In the past, however, the term "special transmission" has been used to refer to Bluetooth vulnerabilities. In addition to the critical vulnerabilities in Android, three critical vulnerabilities in Qualcomm 's software have also been fixed. It concerns a bluetooth vulnerability and two security holes in the data modem.

Patch level

Google works with so-called patch levels, where a date indicates the patch level. Devices receiving the June updates will have '2021-07-01' or '2021-06-05' as patch level. In this case, manufacturers who want their devices to get this patch level must add all updates from the Android bulletin from June to their own updates, and then roll them out to their users. The updates have been made available for Android 8.1, 9, 10 and 11.

According to Google, manufacturers of Android devices were informed about the vulnerabilities now fixed at least a month ago and have been able to develop updates in that time. However, that does not mean that all Android devices will receive these updates. Some devices are no longer supported with updates from the manufacturer or the manufacturer releases the updates at a later time.

Previous Post Next Post