14 DAY TRIAL // Google's Android operating system update for May 2021 addresses a total of 42 vulnerabilities, four of which are marked as critical severity.
The new security patch 2021-05-01 fixes three main critical flaws which were identified in the System component. All these three security breaches could be exploited to run arbitrary code on a vulnerable Android device.
As Google explains, "The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process." Also, they are stating that the severity's impact grade on the vulnerability is more likely to be higher if the platform and service mitigations are disabled for development purposes, or if the vulnerability is bypassed successfully.
Google's smartphone Operating System has its own security system, dubbed Android Security Platform, and relies on service protections such as Google Play Protect. These features make it less likely for security breaches on Android to be successfully exploited.
Vulnerability notes for the 2021-05-01 security patch level
In the Framework section, the most serious vulnerability entails that a malicious local app can bypass user interaction requirements and, therefore, gain access to additional permissions. This vulnerability is divided into different tracking names associated with corresponding Android versions. CVE-2021-0472 affects Android 9, 10 and 11; CVE-2021-0485 only affects Android 11 and CVE-2021-0487 only affects Android 11.
Besides these critical flaws, Android OS has been patched for five other high-severity vulnerabilities. Three of these are related to privilege advancement, while the other two are associated with leaking information.
The second Android security update of this month, the 2021-05-05 security patch level patch, fixes 29 vulnerabilities in operating system's components including the kernel, framework, AMLogic, ARM, MediaTek, Unisoc, Qualcomm, and Qualcomm closed source.
The most serious of these security breaches is CVE-2021-0467, a critical vulnerability found in AMLogic BootROM that enables an attacker to execute arbitrary code even before the data signature is performed.
There are 28 more vulnerabilities related to 2021-05-05 security patch level, but only one of them is tagged as medium severity. The other 27 issues found are marked as high severity.
Consequently, it is not only highly recommended, but also wise to make sure your Android phone is updated. Not only will you keep your smartphone malware free, but you can also benefit from privacy protection.