Google developers have released June security updates for Android versions 10, 11 and 12. In total, the company has fixed 41 vulnerabilities in the mobile OS, five of which are recognized as critical.Updates are traditionally divided into two levels: June 1st and 5th. The first level contains fixes for the Android system and framework components, while the second level includes updates to the core and closed source components from third parties.
Let me remind you that we also talked about the fact that Bugs in MediaTek chips allow tracking users of 37% of smartphones in the world.
Of the five critical vulnerabilities fixed this month, the bug CVE-2022-20210 stands out, which allows remote arbitrary code execution and can be exploited by attackers without any prior preparations. This issue affects Android 10, 11, 12 and 12L.
The other two first-level patches address vulnerabilities CVE-2022-20140 (affects Android 12 and 12L) and CVE-2022-20145 (affects Android 11). They are both recognized as critical and allow privilege escalation.
The fourth critical vulnerability addressed by the June 1, 2022 patch level was CVE-2022-20130 related to the Media Codecs component. The vulnerability could lead to remote arbitrary code execution and poses a threat to devices running Android 10 and later.
The fifth critical fix only affects Unisoc chipsets, so it is available at the second level from June 5, 2022. This vulnerability, which received the identifier CVE-2022-20210, was discovered by researchers from Check Point, who reported that the bug allows to block the device from connecting to cellular networks using a malicious package.
It is worth noting that Unisoc accounts for about 11% of the Android market (especially in Africa and Asia) and is mostly low-end or rugged devices used by the military.
User Review( votes)