Google’s June security bulletin addresses more than 90 vulnerabilities in Android and Pixel devices, including a Critical RCE tracked as CVE-2021-0507 that could allow to take over a device.
“The most severe vulnerability in this section could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.” reads the Android Security Bulletin.
The CVE-2021-0507 resides in the System component of the Android OS, an attacker could exploit the flaw by using a specially crafted transmission and execute arbitrary code within the context of a privileged process.
Google also addressed a critical elevation-of-privilege (EoP) issue in the System component tracked as CVE-2021-0516. The remaining flaws in the System component are rated as high severity.
Google fixed multiple high-severity EoP vulnerabilities in other components, including the Media Framework, the System, and the Kernel.
Google also fixed several high-severity information-disclosure issues for Android, including a local information disclosure tracked as CVE-2021-0521.
The IT giant addressed a total of 43 security flaws in multiple components, including Android runtime, Framework, Media Framework, System, kernel components and Pixel components.
The most severe issues of them are CVE-2021-0607 and CVE-2021-0608 EoP issues in Pixel components, the CVE-2021-0565 EoP issue in Media Framework and the CVE-2021-0571.
(SecurityAffairs – hacking, mobile)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.