Google fixes a critical Android RCE flaw in the System component

Google’s June security bulletin addresses more than 90 vulnerabilities in Android and Pixel devices, including a Critical RCE (CVE-2021-0507).

Google’s June security bulletin addresses more than 90 vulnerabilities in Android and Pixel devices, including a Critical RCE tracked as CVE-2021-0507 that could allow to take over a device.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.” reads the Android Security Bulletin.

The CVE-2021-0507 resides in the System component of the Android OS, an attacker could exploit the flaw by using a specially crafted transmission and execute arbitrary code within the context of a privileged process.

Google also addressed a critical elevation-of-privilege (EoP) issue in the System component tracked as CVE-2021-0516. The remaining flaws in the System component are rated as high severity.

Google fixed multiple high-severity EoP vulnerabilities in other components, including the Media Framework, the System, and the Kernel.

Google also fixed several high-severity information-disclosure issues for Android, including a local information disclosure tracked as CVE-2021-0521.

The IT giant addressed a total of 43 security flaws in multiple components, including Android runtime, Framework, Media Framework, System, kernel components and Pixel components.

The most severe issues of them are CVE-2021-0607 and CVE-2021-0608 EoP issues in Pixel components, the CVE-2021-0565 EoP issue in Media Framework and the CVE-2021-0571.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, mobile)

The post Google fixes a critical Android RCE flaw in the System component appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source