Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android

From securityweek.com

Google this week published its Android security bulletin for February 2021, which includes information on more than 40 vulnerabilities, most of which could lead to elevation of privilege.

The first part of the monthly update, which arrives on devices as the 2021-02-01 security patch level, includes fixes for a total of 20 vulnerabilities, 15 of which lead to elevation of privilege.

The most important of these vulnerabilities is a critical flaw in the Media Framework component that could allow an attacker to execute arbitrary code on a vulnerable device. The attacker needs to supply a specially crafted file to trigger the bug.

Tracked as CVE-2021-0325, the issue is considered critical on Android 8.1 and 9 platform releases, but has only a high severity rating on Android 10 and 11, Google’s advisory explains.

Read more…