Critical Android Bugs

Google’s January Android Security Bulletin addresses 43 critical software bugs that have been affecting Android handsets, including those from big brands such as Samsung.

Among the 43 bugs, Google has fixed 2 critical bugs that affected all Android devices. These critical bugs allowed remote hackers to execute arbitrary code.

These critical flaws included a remote code execution flaw in Google’s Android System component, which is the core of the Android operating system. Another flaw, classified as extremely serious, was a denial-of-service issue in the Android Framework component. It affected a set of APIs that allows developers to write apps quickly and easily for Android devices.

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” Google stated. These critical flaws are now fixed in Android versions 8.0, 8.1, 9, 10 and 11.

Along with these critical fixes, Google also fixed 13 other serious flaws, which included eight elevation of privilege issues, four information disclosure flaws and one DoS flaw. Three more flaws were found in the Media framework, which offers support for playing audio, video, and images.

Finally, Google has implemented fixes for flaws in third-party components in the Android ecosystem. These included 3 high severity flaws in the kernel, which could enable a local malicious application to bypass the operating system protections that isolate application data from other apps installed on the system.

Although monthly bug fixes are a well-known and expected occurrence in the software industry, this month’s security bulletin addresses many critical bugs. The takeaway is to keep your devices up to date to limit your exposure to security flaws and vulnerabilities.