Google releases urgent Android security update – Download to stay safe | #android | #security


Android users need to download an essential security patch that Google has just released. The latest May 2022 security update fixes an Android vulnerability that was being actively exploited, with the flaw first discovered by Google researchers back in January. It’s not clear exactly what threat the vulnerability poses, but it has taken months for Google to rollout a fix to address this issue.

The flaw, which has been labelled CVE-2021-22600, is a Linux kernel vulnerability that threat actors can exploit with local access.

It has been given a 7.8 severity rating by the National Vulnerability Database (NVD), which means it ranks as a ‘high’ risk threat.

The fix for the dangerous Android vulnerability has been rolled as part of the most recent May 2022 security update.

In the patch notes for the download Google confirmed that “there are indications that CVE-2021-22600 may be under limited, targeted exploitation”.

The latest security patch in total brings with it over two dozen fixes including measures that address one critical flaw and 18 high risk severity flaws.

Among the fixes the new update includes is the long-awaited fix for CVE-2022-0847, which is more commonly known as the ‘Dirty Pipe’ exploit.

This vulnerability, which is one of the biggest Linux flaws in years, allows an unprivileged user to overwrite data that is supposed to be read-only. Not only this, but this can also lead to additional privilege escalation.

The fix for the flaw, which was first discovered in March, has been a long time coming – with Samsung releasing a patch to address this threat last month.

This rare scenario means the Galaxy makers beat Google to releasing a fix for the Android flaw by a whole month.

Speaking about what issues the latest patch fixes, Google says: “The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with User execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”

To make sure your phone has the latest version of Android installed, head to the Settings app of your phone. Then tap on System followed by System Update.

You will then be able to see your update status. Simply follow the steps on screen to make sure your phone is up-to-date.





Original Source link

Leave a Reply

Your email address will not be published.

1 + eight =