Vulnerability in Android gives malicious app access to other apps

During the August patch cycle, Google patched dozens of vulnerabilities in Android, including a vulnerability that would allow a rogue app to bypass operating system security and gain access to other apps' data.

In total, 36 vulnerabilities in Android have been fixed this month. The most dangerous vulnerability, according to Google, is present in the Media Framework and makes it possible for a rogue app to bypass the operating system security, which isolates application data from other apps. The remaining vulnerabilities allow rogue apps to gain additional permissions and execute code with kernel privileges without user interaction.

In addition to vulnerabilities in its own Android code, Google also uses the monthly patch round to resolve vulnerabilities in components from chipset manufacturers that Android uses. This month these are components from MediaTek, Qualcomm and Widevine DRM. Two of the remotely exploitable vulnerabilities are in Qualcomm's Wi-Fi code and have been rated critical.

Patch level

Google works with so-called patch levels, each of which is identified by a date. Devices receiving the August updates will have '2021-08-01' or '2021-08-05' as their patch level. Manufacturers who want their devices to reach this patch level must add all updates from the August Android bulletin to their own updates, and then roll them out to their users. The updates have been made available for Android 8.1, 9, 10 and 11.

Manufacturers of Android devices were informed at least a month ago about the vulnerabilities that have now been fixed, according to Google, and have been able to develop updates in that time. However, that does not mean that all Android devices will receive these updates. Some devices are no longer supported with updates from the manufacturer or the manufacturer releases the updates at a later time.
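For administrators who need to see which devices in a fleet actually reached the August patch level, the check below is an added example (not from the article or from Google) that classifies devices by Android version and reported patch level. The inventory format, function names and status labels are assumptions; on a device the level is the value of the `ro.build.version.security_patch` system property, and the split between the two August levels follows the Android Security Bulletin convention that the later date includes everything in the earlier one.

```python
from datetime import date

# Patch levels the article names for the August 2021 bulletin.
PARTIAL_LEVEL = date(2021, 8, 1)
FULL_LEVEL = date(2021, 8, 5)
# Android versions the article says received the updates.
COVERED_VERSIONS = {"8.1", "9", "10", "11"}

# Constructed inventory (assumed format): device id, Android version,
# reported security patch level, separated by whitespace.
SAMPLE_INVENTORY = """\
phone-a 11 2021-08-05
phone-b 10 2021-08-01
phone-c 9 2021-07-05
phone-d 7.1 2018-10-01
phone-e 11 unknown
"""

def classify(version, level):
    """Return a status label for one device (labels are hypothetical)."""
    if version not in COVERED_VERSIONS:
        return "unsupported-version"   # no August update exists for it
    try:
        reported = date.fromisoformat(level)
    except ValueError:
        return "unparseable"           # treat as unknown, never as patched
    if reported >= FULL_LEVEL:
        return "august-full"
    if reported >= PARTIAL_LEVEL:
        return "august-partial"        # 2021-08-01 fixes only
    return "missing-august"

def audit(inventory):
    """Map device id -> status for every well-formed inventory line."""
    results = {}
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                   # skip blank or malformed lines
        device, version, level = fields
        results[device] = classify(version, level)
    return results

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device}\t{status}")
```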
