Google released a new round of security patches for the Android system, repairing a total of 33 vulnerabilities. According to Google’s official announcement, the biggest threat comes from the Media Framework vulnerability, which may allow local malicious applications to control isolated application data, completely bypassing the operating system defenses. The affected devices will not be unusable due to the vulnerability, but if the vulnerability is exploited, their integrity will be compromised.
The new security patch (2021-08-01) released earlier this week resolves three high-risk vertical privilege escalation vulnerabilities, two privilege escalation issues, and three System information disclosure vulnerabilities in the Framework. The August 2021 Android Security Bulletin fixes multiple security vulnerabilities affecting various hardware components and software issues.
The new round of patches released this week includes two security levels, of which 2021-08-01 fixes 3 high-risk vertical privilege escalation vulnerabilities, 2 privilege escalation issues, and 3 System information disclosure vulnerabilities in the Framework. In addition, multiple security vulnerabilities affecting various hardware components and software issues have been fixed. Another security patch level, 2021-08-05, fixes 24 vulnerabilities affecting Qualcomm closed source components, Widevine DRM, MediaTek components, and kernel components.
Among these vulnerabilities, the most serious is the use-after-free vulnerability. If the infection is successful, it may allow the hacker to execute any command with kernel authority. An attacker who successfully exploited these vulnerabilities could gain complete control of the administrator account, allowing him to perform malicious actions on behalf of the account.
The company said that the other three vulnerabilities were rated as medium severity and were also fixed in the August 2021 Android security bulletin. Qualcomm’s closed source components were found to contain other unreported vulnerabilities.