Security News > 2021 > April > Google Patches Critical Code Execution Vulnerability in Android
The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.
Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity.
"The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," Google explains in its advisory.
The 2021-04-01 security patch level also brings patches for 12 other high-severity vulnerabilities: nine in the Framework component, and three in the Media framework.
This week, Google also announced new security patches for Pixel devices, which include fixes for three vulnerabilities in Framework and Qualcomm components.
Devices running a security patch level of 2021-04-05 or later have fixes for all of the issues associated with this security patch level, as well as with previous patch levels.
News URL
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-13 | CVE-2021-0430 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0 In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |