Google has released the February 2022 Android security updates that address two critical vulnerabilities, one of them is a remote escalation of privilege that requires no user interaction for its exploitation.
The vulnerability, tracked as CVE-2021-39675, only affects the System component of the latest version of the popular OS, Android 12.
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.” reads the bulletin published by Google.
The second critical vulnerability addressed by Google, tracked as CVE-2021-30317, resides in the Qualcomm component.
Google is not aware of active exploitation for both vulnerabilities. Google did not disclose technical details of the vulnerabilities to avoid threat actors leveraging them to develop their own exploits.
Google also addressed five high-severity flaws in Framework, four high-severity bugs in Media Framework, seven high-severity to critical flaws in System, two vulnerabilities of undefined severity in Media Provider, one high-severity flaw in Amlogic components, five high-severity bugs in MediaTek components, three high-severity flaws in Unisoc components, and six high to critical-severity vulnerabilities in the Qualcomm components.
Google provided security updates for Android 10, 11, and 12, older versions of the popular OS are not covered.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, Android security)