Google on Monday announced the availability of new security patches for Android, aimed at addressing more than 50 vulnerabilities in the mobile operating system.
The most severe of the security flaws described in the October 2021 Security Bulletin is an issue in the Android System component that could be exploited to achieve remote code execution.
Only 10 vulnerabilities were resolved with the
2021-10-01 security patch level, the first part of this month’s update.
These include high-severity issues in Android runtime (an elevation of privilege bug), Framework (three elevation of privilege, two information disclosure and one denial of service issue), Media Framework (one elevation of privilege) and System (an information disclosure).
The second part of the software update, which will roll out to devices as the
2021-10-05 security patch level, addresses 41 vulnerabilities, 3 of which carry a severity rating of
critical.
According to Google, the most severe of these is a remote code execution flaw in the System component. Tracked as CVE-2021-0870, the issue impacts Android 8.1, 9, 10, and 11.
“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” Google notes in its
advisory.
