An actively exploited vulnerability was fixed with a recent Android update. It comes under the Linux kernel.
Google has just released a patch to close a severe security flaw in Android.
A vulnerability in the Linux kernel
The vulnerability is known as CVE-2021-22600. According to Google, it has already been exploited, so ” limited and targeted “. The CISA (Cybersecurity and Infrastructure Security Agency) is more anxious and evokes a security flaw actively exploited in the context of attacks. It has also added it to its catalog of known exploited vulnerabilities.
The security flaw relates to the Linux kernel, which serves as the kernel for Android. It was identified several months ago, and a patch was developed in January by Google teams and integrated by various distributions (Debian, Red Hat, SUSE and Ubuntu). But this was not applicable to its own mobile operating system, which uses a custom Linux kernel. That’s why the fix is only coming now.
This vulnerability allows attackers with local access to unlock privilege escalation and execute commands that should not be enabled.
MediaTel and Qualcomm flaws also fixed
The hotfix patch has been available individually since May 5, 2022, but it’s not part of this month’s big Android security update. So if you have already downloaded the patch from 1er you may have to go get the new one to be protected. Otherwise, it will be included in the June major security patch.
Regularly check your available updates, the deadlines vary significantly depending on the manufacturers and the model of the smartphone for the provision of security patches. If your mobile is old, be aware that the patch should not be deployed on versions prior to Android 10.
Many other critical vulnerabilities have been fixed, including 3 involving MediaTek components and 15 involving Qualcomm components. In addition, a security flaw deemed critical relating to Qualcomm hardware has also been corrected.
On the same subject :
Major flaw in Google Chrome… hurry up to update!
Source : BleepingComputer
11