Update Android June 2022 updates bring fix for critical RCE vulnerability



Google has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical.

The security update is separated into two levels, released on June 1 and June 5. The first one contains patches for Android system and framework components, and the second one includes updates for kernel and third-party vendor closed-source components. Of the five critical vulnerabilities addressed this month, the one that stands out is CVE-2022-20210, a remote code execution flaw that threat actors can leverage without very demanding prerequisites.

"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed," mentions the Android security bulletin.

Remote code execution flaws are particularly severe because they can lead to information disclosure, high-level system compromise, and complete device takeover.

Two other important fixes that landed with the first patch level concern CVE-2022-20140 and CVE-2022-20145, both critical-severity escalation-of-privilege flaws.