Android: Google fixes 41 flaws, including five critical

Google’s Android security updates for June 2022 fix 41 vulnerabilities, five of which are rated critical. Updates for Android versions 10, 11, and 12 were detailed in Google’s mobile operating system bulletin.

Among the most severe security vulnerabilities receiving updates is CVE-2022-20130, a vulnerability in Android’s Media Framework that could lead to arbitrary code execution, allowing an attacker to execute commands without the need for additional privileges. Also found is CVE-2022-20210, a critical vulnerability in the Unisoc chip firmware, which allows attackers to remotely crash phones, leading to denial of service or remote code execution.

Unisoc is the fourth largest smartphone chipmaker in the world, with an 11% market share. Unisoc chips are used in millions of Android devices, especially in Africa and Asia. A successful remote code execution attack could allow attackers to take full control of the Android device and all the information on it, putting the user’s privacy at risk.

Google standby

Android security updates also fix three critical security vulnerabilities in Android system components. These are CVE-2022-20127, CVE-2022-20140 and CVE-2022-20145, a series of vulnerabilities in the Android system that could lead to local privilege escalation without requiring additional execution privileges.

These vulnerabilities could allow attackers to install malware on the device, putting the user at risk of data theft or having their device secretly monitored by spyware.

In addition to providing security updates for five critical vulnerabilities, Google’s Android Security Bulletin for June 2022 also provides fixes for 36 other vulnerabilities, all classified as high severity. Although there is currently no evidence that any of these vulnerabilities are being exploited, Android users are urged to apply updates as soon as possible to protect their smartphones – and themselves – from attackers. who seek to exploit them.


Leave a Comment