Android security: Google updates fix these five critical vulnerabilities

Google’s Android security updates for June 2022 fix 41 vulnerabilities, including five classed as critical. 

The updates, which cover Android versions 10, 11 and 12, are detailed in Google’s Android Security Bulletin.

Among the most severe security vulnerabilities receiving updates are CVE-2022-20130, a vulnerability in Android’s Media Framework that could lead to arbitrary code execution, allowing an attacker to run commands with no additional privileges needed, and CVE-2022-20210, a critical vulnerability in Unisoc chip firmware that allows attackers to remotely crash phones, leading to denial of service or remote code execution.

Unisoc is the fourth largest smartphone chip manufacturer in the world, accounting for an 11% share of the global market, with Unisoc chips used in millions of Android devices, particularly in Africa and Asia.  

A successful remote code execution attack could provide attackers with complete control of the Android device and all information on it, putting the user’s privacy at risk.

The Android security updates also fix three critical security vulnerabilities in Android’s system components. These are CVE-2022-20127, CVE-2022-20140 and CVE-2022-20145, a series of vulnerabilities in Android System that could lead to local escalation of privileges with no additional execution privileges

Read More: https://www.zdnet.com/article/android-security-google-updates-fix-these-five-critical-vulnerabilities/#ftag=RSSbaffb68