On the first patch day this year, Google closed numerous security holes in various Android versions. But there is only one weak point as “critical“classified. For the majority of the remaining gaps the threat level applies”high“.
The warning message shows that the critical vulnerability (CVE-2021-30285) affects an unspecified Qualcomm component (closed-source). What attackers can do after successful attacks is currently unknown.
Google has identified a vulnerability (CVE-2021-0959 “high“) is most dangerous in Android Runtime in version 12 of the operating system. According to the brief description, local attackers could target there to circumvent storage restrictions and thereby gain access to additional authorizations. What attackers can do with them, Google is currently not doing.
DoS attacks and data leaks
The other weak points concern kernel components and the system. In most cases, attackers could acquire higher user rights here. In addition, DoS attacks are conceivable and attackers could access information that is actually isolated.
A separate warning message provides information on security patches tailored to Google’s Pixel series. Most vulnerabilities are subject to the threat level “highThe bootloader and kernel are affected, among other things. Here, too, attackers could upgrade their user rights.
Finally long-term updates?
If you have an Android device, you should make sure in the settings that the patch level 2022-01-01 or 2022-01-05 installed. In addition to Google, LG and Samsung also deliver security updates every month (see box on the right). Unfortunately, this doesn’t happen for all devices. It remains to be seen how the update obligation, which has been in force since the beginning of this year, will affect Android devices.
In addition to Google, other manufacturers regularly publish security patches – but mostly only for some product series. Devices from other manufacturers receive the updates much later or, in the worst case, not at all.
(of)