Security News > 2022 > February > Critical 'remote escalation' flaw in Android 12 fixed in Feb security patch batch

Critical 'remote escalation' flaw in Android 12 fixed in Feb security patch batch
2022-02-09 08:28

The February edition of Google's monthly Android security update tackles, among other vulnerabilities, an eyebrow-raising critical flaw in Android 12.

This February security patch batch marks the final official update for Google's Pixel 3 smartphones, which launched in October 2018, which is like a century ago for the internet goliath.

As this documentation states, the Pixel 3 and Pixel 3 XL will "No longer receive Android version updates and security updates."

As well as CVE-2021-39675, there are five high-severity vulnerabilities patched by Google in the System component, ranging from elevation-of-privilege flaws in Android 11 and 12 to a denial-of-service in Android 10 and 11.

There's a separate set of patches, dated 2022-02-05, that close a high-severity hole in System; a high-severity hole in Amlogic's Fastboot component; five high-severity bugs in MediaTek code; three in Unisoc code; and 10 high-severity and one critical in Qualcomm code.

Source-level patches for these security holes have been released to the Android Open Source Project.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/09/android_security_bulletin/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2021-39675 Out-of-bounds Write vulnerability in Google Android 12.0
In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow.
network
low complexity
google CWE-787
critical
 10.0
10

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Android 4 0 17 2 0 19