Google patches critical Android 12 security flaws
The vulnerability could allow hackers to escalate privileges remotely without user intervention
Google has resolved a critical security flaw in Android 12 with its February 2022 Android security update.
The vulnerability, code-named CVE-2021-39675, affected the System component and could allow hackers to gain admin privileges remotely.
Google's Android Security Bulletin also addresses a second critical vulnerability, CVE-2021-30317, which affects a closed-source component built by Qualcomm and was active on all Android devices fitted with the hardware.
Vulnerability and patch management
Keep known vulnerabilities out of your IT infrastructureFree Download
Thus far, there have been no reports of active exploitation of either of the now-patched vulnerabilities.
Aside from CVE-2021-39675 and CVE-2021-30317 vulnerabilities, Google issued fixes for five high-severity flaws in Framework, four high-severity bugs in Media Framework, seven high-severity to critical flaws in System, two vulnerabilities of unknown severity in Media Provider, one high-severity flaw in Amlogic components, five high-severity bugs in MediaTek components, three high-severity flaws in Unisoc components, and six high to critical severity vulnerabilities in Qualcomm components.
“The severity assessment of bugs is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” explained Google.
However, the search giant noted that the severity of vulnerabilities affecting Amlogic, MediaTek, Unisoc, and Qualcomm components are determined by the source vendor.
Google Play system updates and security updates are available for Android devices running Android 10 and later.
Accelerating AI modernisation with data infrastructure
Generate business value from your AI initiativesFree Download
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programsFree Download
Modernise your legacy databases in the cloud
An introduction to cloud databasesFree Download
Powering through to innovation
IT agility drive digital transformationFree Download