Patchday: android hedged among other things against remote code execution

Patchday: android hedged among other things against remote code execution

For the first patchday in the new year, Google has numerous security swags from the Android versions 8.0, 8.1, 9, 10 and 11 eliminated. Four of them are considered critical and had been abused by attackers, among other things, to bring Denial-of-Service attacks or to bring from remote code to vulnerable advice (Remote Code Execution). With a "Moderate"-Exception is a high risk of the coil.

The Android Security Bulletin for January 2021 distinguishes two patch levels whose imports either part of the security swallow (Level 2021-01-01) Or also all the look (Level 2021-01-05) fixes. Manufacturers of Android advocates this procedure should make more flexibility in patching according to Google.

Critical security

The German-related to Google’s drawback of the closed security, CVE-2021-0316, is directly in the operating system code (section "system" in bulletin). You allow attackers Remote Code Execution in the context of a privileged process. For attack by management, Google only indicates that the transfer of specially practiced data is necessary.

CVE-2021-0316, as well as the critical LUCKE CVE-2021-0313 (denial-of-service) in the Android framework, is eliminated by lifting the patch level to 2021-01-01. To eliminate two further security by "Critical"-Classified Source Components of Qualcomm – CVE-2020-11134 and CVE-2020-11182 – while Level 2021-01-05 is upgraded.

Separate bulletin for pixel devices

As usual, a separate January bulletin has been published with updates for Google’s pixel device. It includes four more security fixes that are automatically distributed to supported pixel devices together with all the above patches. There are also several functional patches from the areas of audio, graphics, sensors and telephony. Details calls a post in the Pixel Support Forum.

Other producers ("Android partner") According to Google, Google, at least one month before the publication of info, be notified to the leach and thus had enough time to implement the code. The Source Code for the patches is available in the Android Open Source Project (AOSP).

Like this post? Please share to your friends:
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: