Security News > 2021 > February > Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android
Google this week published its Android security bulletin for February 2021, which includes information on more than 40 vulnerabilities, most of which could lead to elevation of privilege.
Tracked as CVE-2021-0325, the issue is considered critical on Android 8.1 and 9 platform releases, but has only a high severity rating on Android 10 and 11, Google's advisory explains.
Two other flaws patched in Media Framework this month, namely CVE-2021-0332 and CVE-2021-0335, were rated high severity.
Google also patched an information disclosure flaw in Android runtime, along with nine elevation of privilege and one denial of service issue in Framework, all of which were rated high severity.
The System component received patches for six vulnerabilities, namely one critical remote code execution bug and five high-severity elevation of privilege issues.
Pixel devices, Google explains, will receive patches for all the security vulnerabilities in the February 2021 Android security bulletin, and for the bug described in the Pixel update bulletin.
News URL
Related news
- Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection (source)
- Google brings better bricking to Androids, to curtail crims (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-10 | CVE-2021-0325 | Out-of-bounds Write vulnerability in Google Android In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. | 8.8 |
| 2021-02-10 | CVE-2021-0332 | Use After Free vulnerability in Google Android 10.0/11.0 In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. | 7.8 |
| 2021-02-10 | CVE-2021-0335 | Use After Free vulnerability in Google Android 11.0 In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. | 6.5 |