Time to update: Google’s Android updates fix 41 flaws, including five critical

Google’s June 2022 Android security updates fix 41 vulnerabilities, five of which are rated critical.

The updates, for versions 10, 11 and 12 of the Android operating system, have been detailed in Google’s Android Security Bulletin.

Among the most severe security vulnerabilities receiving updates is CVE-2022-20130, a vulnerability in Android’s Media Framework that could lead to execution of arbitrary code, allowing an attacker to execute commands without additional privileges needed and CVE-2022-20210, a critical vulnerability in Unisoc chip firmware that allows attackers to remotely crash phones, resulting in denial of service or remote code execution.

SEE: A winning strategy for cybersecurity (ZDNet special report)

Unisoc is the world’s fourth largest smartphone chipmaker, accounting for 11% of the global market, with Unisoc chips used in millions of Android devices, particularly in Africa and Asia.

A successful remote code execution attack could provide attackers with complete control of the Android device and all information on it, putting user privacy at risk.

Android security updates also fix three critical security vulnerabilities in Android system components. These are CVE-2022-20127, CVE-2022-20140 and CVE-2022-20145, a series of vulnerabilities in the Android system which could lead to local elevation of privilege without any additional execution privileges. be necessary. These vulnerabilities could allow attackers to plant malware on the device, putting the user at risk of data theft or having their device secretly monitored by spyware.

In addition to providing security updates for five critical vulnerabilities, Google’s Android Security Bulletin for June 2022 also offers fixes for 36 other vulnerabilities, all rated as high severity.

Although there is currently no evidence that any of these vulnerabilities are being exploited in the wild, Android users are urged to apply updates as soon as possible to protect their smartphones – and themselves. – attackers seeking to exploit them.


Comments are closed.