Google released the Android Security Update for the month of February, aimed at patching a number of security vulnerabilities found in Android 10, 11, and 12 OS.
Two of the noted vulnerabilities bear a high severity score, as they can let remote hackers escalate privileges in a device without any user interaction. Still, itโs the duty of the Android OEMs to band up these updates and release them for each individual model they sold.
Android Security Update For February 2022
Just like Microsoft in Windows, Google releases monthly updates to the Android community to patch any known security vulnerabilities. And for this month, the Android maintainer rolled out the updateย to patch the following security bugs;
- Five high-severity flaws in Framework
- Four high-severity bugs in Media Framework
- Seven high-severity to critical flaws in System
- Two vulnerabilities of undefined severity in Media Provider
- One high-severity flaw in Amlogic components
- Five high-severity bugs in MediaTek components
- Three high-severity flaws in Unisoc components
- Six high to critical-severity vulnerabilities in Qualcomm components.
In the above, Google said two bugs are of high severity, tracked as CVE-2021-39675 and CVE-2021-30317. Where the former one is about letting a remote hacker escalate privileges, the later is regarding Qualcommโs closed-door component.
The CVE-2021-39675 is concerned only with Android 12 devices and is something thatโs used by sophisticated threat actors who constantly look up and hit zero-day bugs. Yet, Google said it hasnโt seen any exploitations of this bug in the wild yet.
And the CVE-2021-30317 is something that concerns Android devices that use that Qualcommโs hardware, as it comes with a vulnerability in the closed-source components.
Google says this monthโs update is only available for Android devices running versions 10, 11, and 12 only, so anything below that should be considered open to cyber risk.