By Shannon Morse, ThreatWire

Google has patched a good 18 vulnerabilities in the framework and system components and another 18 in kernel and vendor components in their November 2021 security patch for Android. So... update.

It’s a lot, so I won’t cover everything here, but you can view the full security bulletin on the Android source blog. Most of the CVEs patched in this update are deemed high severity, with a few being critical. Most of them are listed as elevation of privilege or remote code execution vulnerabilities. There are also a few listed as information disclosure and denial of service vulnerabilities, all of which are pretty big concerns if used in the wild.

The most severe of these problems are found in the System components. These would allow an attacker to use specially crafted transmissions to execute arbitrary code within the context of a privileged process. These are listed as CVE-2021-0918 and CVE-2021-0930 and affect Android OS back to version 9. The kernel is affected by a use-after-free problem that could allow an attacker to gain escalated privileges on the component. This one is CVE-2021-1048. Google states in their post that there are indications this last one may be under limited and targeted exploitation.

If you use an Android device and haven’t seen a notification, look under your settings for an update. This patch is rolling out, and the updates will include the November framework, vendor, and kernel patches, and the October framework, vendor, and kernel patches if not already installed. This is notable as it’s the first security patch for the new Android 12, but it also includes some patches for Android 9, 10, and 11. The Pixel 3 will not receive this patch as it has reached the end of its support cycle. If you’re considering updating, I did just post a review of the Pixel 6 Pro with a Pixel 6 review upcoming on my channel. Both of these new phones will have 5 years of security updates from Google.

https://source.android.com/security/bulletin/2021-11-01
https://www.bleepingcomputer.com/news/security/android-november-patch-fixes-actively-exploited-kernel-bug/
https://thehackernews.com/2021/11/google-warns-of-new-android-0-day.html
https://threatpost.com/android-patches-exploited-kernel-bug/175931/
