Google fixes “critical” Android 12 security flaw
Android 12 system component vulnerability could have led to remote escalation of privilege
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Googlehas fixed a critical security flaw inAndroid 12which could have allowed crooks access to the target endpoint without user interaction.
In itsFebruary 2022 Android Security Bulletin, Google says that the flaw, tracked as CVE-2021-39675, is a “critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed.”
Other than that, there’s not much detail in the blog itself, howeverThe Registerspotted a source-level change in Android’s wireless near-field communication (NFC) code, that forces the code to ensure a size parameter isn’t too large. The publication also suspects Google decided to keep the whole thing hush-hush as it’s still in the middle of rolling out the patches.
Additional flaws discovered
Unlike iOS, which is a fully centralizedoperating systemwhereApplecontrols the patches, most Android makers have their own sub-brand of the OS, meaning all of them have to prepare patches for their devices separately. Given that Google develops Android, Google-made phones ( such as thePixel 6) will be among the first to receive this patch.
Still, Google notifies its partners of newly discovered vulnerabilities a month before publicizing anything, so it’s safe to assume that other vendors will be close behind, at least for their flagship models.
The announcement has also listed five other high-severity flaws found in the System component, that were patched. That includes privilege elevation bugs in Android 11 and 12, as well as denial-of-service flaws in Android 10 and 11.
Android 12 features, supported devices and what to know>Android 12L: what is it, and why does it matter?>How to set up an Android phone: our guide to switching on your new phone
Other than that, Google has also identified five high-severity flaws in the Android Framework component, four high-severity bugs in the Media Framework, and two MediaProvider flaws fixed throughGoogle Playupdates.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To check for updates manually, Android users can navigate to Settings > Software Update, which is located at the very bottom of the menu.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well
