Two of the noted vulnerabilities bear a high severity score, as they can let remote hackers escalate privileges in a device without any user interaction. Still, it’s the duty of the Android OEMs to band up these updates and release them for each individual model they sold.
Android Security Update For February 2022
Just like Microsoft in Windows, Google releases monthly updates to the Android community to patch any known security vulnerabilities. And for this month, the Android maintainer rolled out the update to patch the following security bugs;
Five high-severity flaws in Framework Four high-severity bugs in Media Framework Seven high-severity to critical flaws in System Two vulnerabilities of undefined severity in Media Provider One high-severity flaw in Amlogic components Five high-severity bugs in MediaTek components Three high-severity flaws in Unisoc components Six high to critical-severity vulnerabilities in Qualcomm components.
In the above, Google said two bugs are of high severity, tracked as CVE-2021-39675 and CVE-2021-30317. Where the former one is about letting a remote hacker escalate privileges, the later is regarding Qualcomm’s closed-door component. The CVE-2021-39675 is concerned only with Android 12 devices and is something that’s used by sophisticated threat actors who constantly look up and hit zero-day bugs. Yet, Google said it hasn’t seen any exploitations of this bug in the wild yet. And the CVE-2021-30317 is something that concerns Android devices that use that Qualcomm’s hardware, as it comes with a vulnerability in the closed-source components. Google says this month’s update is only available for Android devices running versions 10, 11, and 12 only, so anything below that should be considered open to cyber risk.