Security News > 2021 > June > Google Patches Critical Android RCE Bug

Google patched more than 90 security vulnerabilities in its Android operating system impacting its Pixel devices and third-party Android handsets, including a critical remote code-execution bug that could allow an attacker to commandeer a targeted vulnerable mobile device.
The Android System component of the OS also has a second critical vulnerability, an elevation-of-privilege issue tracked as CVE-2021-0516.
Google also addressed several high-severity EoP issues in other components within the OS, including one in Android runtime that could enable a local attacker to execute arbitrary code and bypass user interaction requirements in order to gain access to additional permissions.
The bugs in Google's Pixel devices are mainly rated moderate in severity, including a pair of denial-of-service problems in Android runtime, and an RCE issue in Media Framework.
In all, Pixel has 43 security holes, affecting Android runtime, Framework, Media Framework, System, kernel components and Pixel components.
These are: Two EoP issues in Pixel components; an EoP issue in Media Framework and another EoP bug in Framework.
News URL
https://threatpost.com/android-critical-rce-bug/166723/
Related news
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Google adds Android auto-reboot to block forensic data extractions (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers (source)
- Google fixes actively exploited FreeType flaw on Android (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version (source)
- Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-21 | CVE-2021-0516 | Use After Free vulnerability in Google Android In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. | 9.8 |