Google releases an Android update to address an actively exploited vulnerability


Google has released monthly security patches for Android that address 37 flaws across various components, one of which is a fix for an actively exploited Linux kernel vulnerability that was discovered earlier this year. The vulnerability, tracked as CVE-2021-22600 (CVSS score: 7.8), is rated “High” for severity and could be exploited by a local user to escalate privileges or deny service.

It’s worth noting that the vulnerability has also been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities Catalog as of last month based on evidence of active exploitation. Also fixed as part of this month’s patches are three other bugs in the kernel as well as 18 high-severity and one critical-severity flaw in MediaTek and Qualcomm components.

The issue relates to a double-free vulnerability residing in the Packet network protocol implementation in the Linux kernel that could cause memory corruption, potentially leading to denial-of-service or execution of arbitrary code. Patches were released by different Linux distributions, including Debian, Red Hat, SUSE, and Ubuntu in January 2022. “There are indications that CVE-2021-22600 may be under limited, targeted exploitation,” Google noted in its Android Security Bulletin for May 2022. Specifics about the nature of the attacks are unknown as yet.
