Security News > 2021 > April > Google Patches Critical Code Execution Vulnerability in Android
The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.
Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity.
"The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," Google explains in its advisory.
The 2021-04-01 security patch level also brings patches for 12 other high-severity vulnerabilities: nine in the Framework component, and three in the Media framework.
This week, Google also announced new security patches for Pixel devices, which include fixes for three vulnerabilities in Framework and Qualcomm components.
Devices running a security patch level of 2021-04-05 or later have fixes for all of the issues associated with this security patch level, as well as with previous patch levels.
News URL
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection (source)
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications (source)
- Google brings better bricking to Androids, to curtail crims (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-13 | CVE-2021-0430 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0 In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |