Security News > 2021 > April > Google Patches Critical Code Execution Vulnerability in Android

Google Patches Critical Code Execution Vulnerability in Android
2021-04-07 11:33

The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.

Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity.

"The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," Google explains in its advisory.

The 2021-04-01 security patch level also brings patches for 12 other high-severity vulnerabilities: nine in the Framework component, and three in the Media framework.

This week, Google also announced new security patches for Pixel devices, which include fixes for three vulnerabilities in Framework and Qualcomm components.

Devices running a security patch level of 2021-04-05 or later have fixes for all of the issues associated with this security patch level, as well as with previous patch levels.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/gsoHOGsJEC0/google-patches-critical-code-execution-vulnerability-android

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-04-13 CVE-2021-0430 Out-of-bounds Write vulnerability in Google Android 10.0/11.0
In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check.
network
low complexity
google CWE-787
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4922 2872 1623 10411
Android 4 0 17 2 0 19