Google addressed 37 vulnerabilities with the release of the Android security updates for March 2021, including a critical flaw in the System component.

Google released security updates to address 37 vulnerabilities as part of the Android security updates for March 2021, the most severe one is a critical flaw in the System component tracked as CVE-2021-0397.

Google addressed the flaw as part of the 2021-03-01 security patch level.

The CVE-2021-0397 vulnerability is a remote code execution issue and that affects Android 8.1, 9, 10, and 11 releases.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” reads the advisory published by Google.

The tech giant also fixed a total of 27 other security flaws as part of the 2021-03-05 security patch level, including one in Kernel components, four in Qualcomm components, and 22 in Qualcomm closed-source components.

5 out of 27 issues were rated as critical (CVE-2020-11192, CVE-2020-11204, CVE-2020-11218, CVE-2020-11227, CVE-2020-11228) and affect Qualcomm closed-source components.

Google’s March 2021 Android Security Bulletin also includes the fix for the CVE-2021-0390 flaw in Project Mainline components, which affects Wi-Fi.

Why does this bulletin have two security patch levels?

  • “Devices that use the 2021-03-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
  • Devices that use the security patch level of 2021-03-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

[출처 : SecurityAffairs / 3.3.]