Security News > 2022 > February > Critical 'remote escalation' flaw in Android 12 fixed in Feb security patch batch
The February edition of Google's monthly Android security update tackles, among other vulnerabilities, an eyebrow-raising critical flaw in Android 12.
This February security patch batch marks the final official update for Google's Pixel 3 smartphones, which launched in October 2018, which is like a century ago for the internet goliath.
As this documentation states, the Pixel 3 and Pixel 3 XL will "No longer receive Android version updates and security updates."
As well as CVE-2021-39675, there are five high-severity vulnerabilities patched by Google in the System component, ranging from elevation-of-privilege flaws in Android 11 and 12 to a denial-of-service in Android 10 and 11.
There's a separate set of patches, dated 2022-02-05, that close a high-severity hole in System; a high-severity hole in Amlogic's Fastboot component; five high-severity bugs in MediaTek code; three in Unisoc code; and 10 high-severity and one critical in Qualcomm code.
Source-level patches for these security holes have been released to the Android Open Source Project.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/02/09/android_security_bulletin/
Related news
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Android 15 unveils new security features to protect sensitive data (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2021-39675 | Out-of-bounds Write vulnerability in Google Android 12.0 In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. | 9.8 |