Security News > 2022 > February > Critical 'remote escalation' flaw in Android 12 fixed in Feb security patch batch
The February edition of Google's monthly Android security update tackles, among other vulnerabilities, an eyebrow-raising critical flaw in Android 12.
This February security patch batch marks the final official update for Google's Pixel 3 smartphones, which launched in October 2018, which is like a century ago for the internet goliath.
As this documentation states, the Pixel 3 and Pixel 3 XL will "No longer receive Android version updates and security updates."
As well as CVE-2021-39675, there are five high-severity vulnerabilities patched by Google in the System component, ranging from elevation-of-privilege flaws in Android 11 and 12 to a denial-of-service in Android 10 and 11.
There's a separate set of patches, dated 2022-02-05, that close a high-severity hole in System; a high-severity hole in Amlogic's Fastboot component; five high-severity bugs in MediaTek code; three in Unisoc code; and 10 high-severity and one critical in Qualcomm code.
Source-level patches for these security holes have been released to the Android Open Source Project.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/02/09/android_security_bulletin/
Related news
- AMD won’t patch Sinkclose security bug on older Zen CPUs (source)
- SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software (source)
- Food security: Accelerating national protections around critical infrastructure (source)
- You probably want to patch this critical GitHub Enterprise Server bug now (source)
- GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges (source)
- SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access (source)
- Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability (source)
- Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw (source)
- Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (source)
- Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2021-39675 | Out-of-bounds Write vulnerability in Google Android 12.0 In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. | 10.0 |