Android versions 8.1, 9, 10 and 11 are vulnerable. On patch day in October, Google closed a number of security holes. The majority is with the threat level “high“Classified.
In a warning message do you have google eine as „critical“Classified system vulnerability (CVE-2021-0870). Remote attackers should be able to execute malicious code in the context of a privileged process in the course of a specially prepared transmission.
Two more “critical“Vulnerabilities (CVE-2021-11264, CVE-2021-11301) affect WLAN components from Qualcomm. Further details on possible attacks and effects are currently not known. In the current Android versions, further gaps have been closed in various Qualcomm components.
Even more security holes
In addition to the system, vulnerabilities in Android such as kernel components and the media framework could serve as a gateway for attackers. After successful attacks, they could access actually isolated data or obtain higher user rights.
If you have an Android device, you should check the security patch level in the settings. Stands there 2021-10-01 or 2021-10-05 the current security patches are installed. In addition to Google, LG and Samsung, among others, also deliver monthly updates for certain device series (see box on the right). The source code of the patches is also available in the repository of the Android Open Source Project (AOSP).
Google’s Pixel series devices have a few this month Extra security updates receive. Of the 20 closed gaps, only one vulnerability (CVE-2021-0939) is in Titan-M with “high“Classified.
In addition to Google, other manufacturers regularly publish security patches – but mostly only for a few product series. Devices from other manufacturers receive the updates much later or, in the worst case, not at all.