Google warns of critical RCE vulnerability in Android

Google developers have released an update to the Android mobile operating system, which eliminates 43 vulnerabilities, including a critical RCE vulnerability in the Android System.

The first flaw that is rated as serious is the denial of service issue (CVE-2021-0313) in the Android Framework component, which is a collection of APIs (consisting of system tools and UI design tools) that enable developers to quickly and easy to write apps for android phones.

However, the main concern poses vulnerability in the Android System component that could allow remote attackers to execute arbitrary code.

The vulnerability in the Android System has been identified as CVE-2021-0316. Another system component, the Android Framework, also suffered, as in it was found a bug (CVE-2021-0313) that could lead to a denial of service.

In addition to these critical issues, Google has fixed 13 major flaws in its platform. This included eight privilege escalation issues; four disclosure errors and one DoS error.

Google has also released fixes to address shortcomings in various third-party components in its Android ecosystem. This includes three high severity kernel vulnerabilities that could allow a local malicious application to bypass operating system defences that isolate application data from other applications.

In parallel, Qualcomm, whose chips are used in Android devices, has patched a number of dangerous and critical holes that can affect users’ gadgets in one way or another.

Three high severity bugs were found in the Media Framework (which offers support for playing various common media types so that users can easily use audio, video, and images). These include an RCE bug related to CVE-2016-6328 and two information disclosure bugs.

MediaTek has also identified and fixed a high severity bug (CVE-2021-0301).

Let me remind you that I also talked about the fact that Bug in Facebook Messenger for Android allowed connecting to user conversations.