14 DAY TRIAL // On Monday, Google released another round of security patches for Android patching 33 vulnerabilities that left users unguarded against a variety of hacking attacks.
The biggest threat comes from the Media Framework vulnerability, exploitation of which could allow a local malicious application to gain control of isolated application data, completely bypassing operating system defenses, according to Google’s advisory. The affected devices are not rendered unusable by the vulnerability, only their integrity is compromised if the vulnerability is exploited.
Three high-severity vertical privilege escalation flaws in Framework, a pair of elevation of privilege problems and three information reveals vulnerabilities in System, are all addressed by the new security patch (2021-08-01) released at the beginning of the week.
The August 2021 Android Security Bulletin fixes several security vulnerabilities affecting various hardware components and software issues
Another security patch level, 2021-08-05, is included in this month's security update, that addresses 24 vulnerabilities impacting Qualcomm closed-source components, Widevine DRM, MediaTek components, and Kernel components, among other things.
The most serious of the newly addressed vulnerabilities is a use-after-free vulnerability that could allow a threat actor to execute any command with the privileges of the kernel if successful. An attacker who successfully exploited these vulnerabilities could potentially gain complete control of an administrator account, allowing him to perform malicious actions on behalf of the account as if it were a privileged user.
It is possible that the user could be exposed to malicious software, custom data, or unauthorized accounts with full administrative capabilities if the privileges and functionality provided by this program are not sufficient to prevent a threat actor from attacking them.
Three other vulnerabilities, all rated as moderate severity, were also fixed in the August 2021 Android Security Bulletin, the company said. Qualcomm's closed-source components were found to contain other vulnerabilities that have not yet been reported.