Google warns of critical RCE vulnerability in Android

critical RCE vulnerability in Android
Written by Emma Davis

Google developers have released an update to the Android mobile operating system, which eliminates 43 vulnerabilities, including a critical RCE vulnerability in the Android System.

It turned out that the bugs affect Samsung smartphones and a number of other modern devices. There were even critical flaws.

The first flaw that is rated as serious is the denial of service issue (CVE-2021-0313) in the Android Framework component, which is a collection of APIs (consisting of system tools and UI design tools) that enable developers to quickly and easy to write apps for android phones.

However, the main concern poses vulnerability in the Android System component that could allow remote attackers to execute arbitrary code.

The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.Google officials said in their latest security bulletin.

The vulnerability in the Android System has been identified as CVE-2021-0316. Another system component, the Android Framework, also suffered, as in it was found a bug (CVE-2021-0313) that could lead to a denial of service.

In addition to these critical issues, Google has fixed 13 major flaws in its platform. This included eight privilege escalation issues; four disclosure errors and one DoS error.

Google has also released fixes to address shortcomings in various third-party components in its Android ecosystem. This includes three high severity kernel vulnerabilities that could allow a local malicious application to bypass operating system defences that isolate application data from other applications.

In parallel, Qualcomm, whose chips are used in Android devices, has patched a number of dangerous and critical holes that can affect users’ gadgets in one way or another.

Three high severity bugs were found in the Media Framework (which offers support for playing various common media types so that users can easily use audio, video, and images). These include an RCE bug related to CVE-2016-6328 and two information disclosure bugs.

MediaTek has also identified and fixed a high severity bug (CVE-2021-0301).

Let me remind you that I also talked about the fact that Bug in Facebook Messenger for Android allowed connecting to user conversations.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply