Google patched more than ninety security vulnerabilities in its Android operating system impacting its Pixel devices and third-party Android handsets, including a critical remote code-execution bug that could allow an attacker to commandeer a targeted vulnerable mobile device.
That bug (CVE-2021-0507) exists in the System component of the Android OS and could allow a remote attacker using a specially crafted transmission to execute arbitrary code in the context of a privileged process, according to Google's June security bulletin. It is the most severe bug of those patched so far this June, the company said.
The Android System component of the OS also has a second critical vulnerability, an elevation-of-privilege (EoP) issue tracked as CVE-2021-0516. Further details were not given on that flaw. Typically, Google does not release the technical details of patched vulnerabilities until a vast majority of vulnerable handsets receive the fixes.
Google also addressed several high-severity EoP issues in other components of the OS, including one in Android runtime (CVE-2021-0511) that could allow a local attacker to execute arbitrary code and bypass user interaction requirements in order to gain access to additional permissions.
Media Framework meanwhile has four EoP issues (CVE-2021-0508, CVE-2021-0509, CVE-2021-0510, CVE-2021-0520), the most severe of which could allow a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.
Two more high-severity EoP issues (CVE-2020-14305, CVE-2021-0512) exist in the upstream kernel as well, the most severe of which could lead to local escalation of privilege with no additional execution privileges needed.
The internet giant also addressed several high-severity information-disclosure issues for Android, including one in Framework (CVE-2021-0521) that could lead to local information disclosure of cross-user permissions with no additional execution privileges needed.
Pixel device fixes
The bugs in Google's Pixel devices are mainly rated moderate in severity, including a couple of denial-of-service (DoS) issues in Android runtime (CVE-2020-1971 and CVE-2021-0555), and an RCE issue in Media Framework (CVE-2021-0557).
In all, Pixel has forty-three security holes, affecting Android runtime, Framework, Media Framework, System, kernel components, and Pixel components (the Knowles IAXXX driver and Pixel Launcher).
Only four of them are high-severity. These are: two EoP issues in Pixel components (CVE-2021-0607 and CVE-2021-0608); an EoP issue in Media Framework (CVE-2021-0565); and another EoP bug in Framework (CVE-2021-0571).
Google didn't release further details on any of the flaws. The security patch level of 2021-06-05 or later resolves all issues.