Security News > 2021 > February > Five Critical Android Bugs Patched, Part of Feb. Security Bulletin
Google patched five critical bugs in its Android operating system as part of its February Security Bulletin.
Three additional critical Qualcomm bugs were reported by Google and patched by Qualcomm - part of a separate security bulletin disclosure.
The most severe of the critical bugs in the Android OS is a security vulnerability in the Media Framework component that allows for remote code execution, enabling a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process, according to Google.
It's been updated for versions 8.1, 9,10 and 11 of the OS. Five other vulnerabilities patched in the update for Android System all include EOP capability and have been updated for all versions of the OS from 8.1 upwards, the company said.
The two others- CVE-2020-11163 and CVE-2020-11170-affected Qualcomm closed-source components found in the OS. The Android Kernel, Google Play system, and Android runtime all received one patch each in the update for bugs rated respectively as "High."
Last month Google also addressed 43 bugs in Android, including two critical bugs-one of which was found in Android System and allowed remote attackers to execute arbitrary code.
News URL
https://threatpost.com/five-critical-bugs-patched-feb-security-bulletin/163623/
Related news
- New LianSpy malware hides by blocking Android security feature (source)
- Download: CIS Critical Security Controls v8.1 (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- Food security: Accelerating national protections around critical infrastructure (source)
- GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges (source)
- Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw (source)
- Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (source)
- Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-22 | CVE-2020-11163 | Improper Validation of Array Index vulnerability in Qualcomm products Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 10.0 |
| 2021-02-22 | CVE-2020-11170 | Classic Buffer Overflow vulnerability in Qualcomm products Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 10.0 |