Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android
Google this week published its Android security bulletin for February 2021, which includes information on more than 40 vulnerabilities, most of which could lead to elevation of privilege.
Tracked as CVE-2021-0325, one of the Media Framework issues is considered critical on Android 8.1 and 9 platform releases, but has only a high severity rating on Android 10 and 11, Google's advisory explains.
Two other flaws patched in Media Framework this month, namely CVE-2021-0332 and CVE-2021-0335, were rated high severity.
Google also patched an information disclosure flaw in Android runtime, along with nine elevation of privilege and one denial of service issue in Framework, all of which were rated high severity.
The System component received patches for six vulnerabilities, namely one critical remote code execution bug and five high-severity elevation of privilege issues.
Pixel devices, Google explains, will receive patches for all the security vulnerabilities in the February 2021 Android security bulletin, and for the bug described in the Pixel update bulletin.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-10 | CVE-2021-0325 | Out-of-bounds Write vulnerability in Google Android. In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. | 9.3 |
| 2021-02-10 | CVE-2021-0332 | Use After Free vulnerability in Google Android 10.0/11.0. In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. | 7.2 |
| 2021-02-10 | CVE-2021-0335 | Use After Free vulnerability in Google Android 11.0. In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. | 4.3 |