Five Critical Android Bugs Patched, Part of Feb. Security Bulletin
Google patched five critical bugs in its Android operating system as part of its February Security Bulletin.
Three additional critical Qualcomm bugs were reported by Google and patched by Qualcomm as part of a separate security bulletin disclosure.
The most severe of the critical bugs in the Android OS is a security vulnerability in the Media Framework component that allows for remote code execution, enabling a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process, according to Google.
It's been updated for versions 8.1, 9, 10 and 11 of the OS. Five other vulnerabilities patched in the update for Android System all allow elevation of privilege (EoP) and have been updated for all versions of the OS from 8.1 upwards, the company said.
The two others, CVE-2020-11163 and CVE-2020-11170, affected Qualcomm closed-source components found in the OS. The Android Kernel, Google Play system, and Android runtime each received one patch in the update, for bugs each rated "High."
Last month Google also addressed 43 bugs in Android, including two critical bugs, one of which was found in Android System and allowed remote attackers to execute arbitrary code.
News URL
https://threatpost.com/five-critical-bugs-patched-feb-security-bulletin/163623/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-22 | CVE-2020-11163 | Improper Validation of Array Index vulnerability in Qualcomm products. Possible buffer overflow while updating IKEv2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 9.8 |
2021-02-22 | CVE-2020-11170 | Classic Buffer Overflow vulnerability in Qualcomm products. Out of bound memory access while playing music playbacks with crafted Vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 9.8 |