Google addressed 37 vulnerabilities with the release of the Android security updates for March 2021, including a critical flaw in the System component.
Google released security updates to address 37 vulnerabilities as part of the Android security updates for March 2021, the most severe one is a critical flaw in the System component tracked as CVE-2021-0397.
Google addressed the flaw as part of the 2021-03-01 security patch level.
The CVE-2021-0397 vulnerability is a remote code execution issue and that affects Android 8.1, 9, 10, and 11 releases.
“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” reads the advisory published by Google.
The tech giant also fixed a total of 27 other security flaws as part of the 2021-03-05 security patch level, including one in Kernel components, four in Qualcomm components, and 22 in Qualcomm closed-source components.
5 out of 27 issues were rated as critical (CVE-2020-11192, CVE-2020-11204, CVE-2020-11218, CVE-2020-11227, CVE-2020-11228) and affect Qualcomm closed-source components.
Google’s March 2021 Android Security Bulletin also includes the fix for the CVE-2021-0390 flaw in Project Mainline components, which affects Wi-Fi.
Why does this bulletin have two security patch levels?
- “Devices that use the 2021-03-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
- Devices that use the security patch level of 2021-03-05 or newer must include all applicable patches in this (and previous) security bulletins.
Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.
[출처 : SecurityAffairs / 3.3.]