Google released an Android security update this week, fixing more than 30 security holes that expose mobile users to a variety of harmful hacker attacks.
The most recent Android version documents 33 security flaws, some of which are significant enough to result in privilege escalation or information disclosure issues.
The most serious of them is a flaw in the Media framework that might result in privilege elevation on Android 8.1 and 9 devices, as well as information leakage on Android 10 and 11. The vulnerability is identified as CVE-2021-0519.
“The most serious of these concerns is a high-security vulnerability in the Media Framework component,” according to a Google advisory, “that might enable a local malicious app to evade operating system protections that separate application data from other apps.”
The 2021-08-01 security patch level includes fixes for three high-severity elevations of privilege issues in Framework, as well as two elevations of privilege and three information disclosure defects in the System. All five have a high level of severity.
The 2021-08-05 security patch level is the second portion of this month’s security update, and it fixes a total of 24 vulnerabilities in Kernel components, MediaTek components, Widevine DRM, Qualcomm components, and Qualcomm closed-source components.
The most serious of these flaws is a use after free vulnerability, which might allow an attacker to run arbitrary code with kernel privileges.
The most serious of these flaws could allow remote code execution within the context of a privileged process if they are successfully exploited. An attacker might then install apps based on the privileges associated with this application.
Google also repaired three medium-severity problems particular to Google devices, in addition to the vulnerabilities addressed in the August 2021 Android Security Bulletin. An elevation of privilege vulnerability in the Pixel component, as well as two other undisclosed vulnerabilities in Qualcomm closed-source components, are among them.
According to Google, all of these issues are resolved on Pixel smartphones running patch level 2021-08-05.