July 2021 Security Updates for the Android OS Are Now Available
The Android Updates Patch Tens of High-Severity Vulnerabilities.
This week, Google has announced that the Android Operating System (OS) updates for July 2021, which include patches for over 40 flaws, are now available.
According to Google advisory, the most critical of these issues is a high-security vulnerability in the System component that could allow a remote threat actor to employ a specially crafted file to perform arbitrary code within the context of a privileged process.
2021-07-01 Security Patch Fixes 17 Android Vulnerabilities
As observed by SecurityWeek, seventeen of the bugs were tackled with the 2021-07-01 security patch level. These include:
- Two elevation of privilege vulnerabilities in Framework. The most severe vulnerability in this section could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.
- One elevation of privilege and one information disclosure issue in the Media framework. The most severe vulnerability in this section could enable a local malicious application to execute arbitrary code within the context of a privileged process.
- Seven elevation of privilege and six information disclosure bugs in the System. The most severe vulnerability in this section could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.
All of these vulnerabilities have a severity rating of high and most of them impact devices running Android 8.1, 9, 10, and 11.
Google also brings up three security holes fixed with Google Play system updates. According to the organization, the issues are included in Project Mainline components.
2021-07-05 Security Patch Level Fixes 24 Android Vulnerabilities
The second part of the July Android update appears as the 2021-07-05 security patch level and fixes 24 bugs.
- One issue in Framework that could enable a local attacker with privileged access to gain access to sensitive data
- Four vulnerabilities in the System could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process
- One bug in MediaTek components
- One flaw in Widevine DRM
- Ten problems in Qualcomm components
- Seven vulnerabilities in Qualcomm closed-source components.
While most of the bugs presented in the July 2021 Android Security Bulletin are evaluated high severity, the 2021-07-01 security patch level addresses seven issues considered critical severity.
Two of these affect Widevine DRM and Qualcomm components, while the remaining five were addressed in Qualcomm closed-source components.
On July 7th, Google published a security bulletin that contains details of security vulnerabilities and functional improvements affecting supported Pixel devices.