Nov 3, 2021
0 0

Android November patch fixes actively exploited kernel bug

Written by

FBI: Ransomware targets companies during mergers and acquisitions
Microsoft Defender for Windows is getting a massive overhaul
macOS Monterey update causes some Macs to become unbootable
Microsoft announces new endpoint security solution for SMBs
BlackMatter ransomware claims to be shutting down due to police pressure
Facebook deletes 1 billion faceprints in Face Recognition shutdown
Over 30,000 GitLab servers still unpatched against critical bug
Microsoft 365 outage blocks access to OneDrive, SharePoint files
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components.
Among the fixes, there’s one that plugs CVE-2021-1048, a local escalation of privilege caused by a use after free weakness, which, according to Google, is under limited, targeted exploitation.
Not many technical details have been released around this flaw yet, as original equipment manufacturers (OEMs) are currently working on merging the patch with their custom builds, so most Android users are vulnerable.
The most severe issues addressed by the November 2021 patch are two critical System remote code execution (RCE ) bugs tracked as CVE-2021-0918 and CVE-2021-0930.
These flaws enable attackers to execute arbitrary code within the context of a privileged process by sending a specially crafted transmission to the target device.
Two more critical flaw security flaws addressed with this month’s patch are those for CVE-2021-1924 and CVE-2021-1975, both impacting Qualcomm components.
The fifth critical flaw fix lies in Android TV’s “remote service” component and is an RCE tracked as CVE-2021-0889.
Exploiting this flaw would enable an attacker near the device to execute code without privileges or user interaction.
As a reminder on how Android patch levels work, Google releases at least two of them each month, and for November, it’s 2021-11-01, 2021-11-05, and 2021-11-06.
Those who see an update alert marked as 2021-11-01, it means that they will get the following:
Those who see either 2021-11-05 or 2021-11-06 patch levels will receive all of the above, plus the November vendor and kernel patches.
This is the first security patch for the recently-released Android 12, but many of the fixes go back to versions 11, 10, and 9, depending on the scope of the addressed vulnerabilities.
If you are using older Android versions, you are not covered by this patch level, and your device is vulnerable to yet one more actively exploited flaw.
Finally, this is the first patch level not delivered to Pixel 3, which marks the official end of support for one of Google’s most beloved devices.
Android October patch fixes three critical bugs, 41 flaws in total
Emergency Google Chrome update fixes zero-days used in attacks
Millions of Android users targeted in subscription fraud campaign
Google cuts Play Store dev fees to 15% for all subscriptions
Study reveals Android phones constantly snoop on their users
Official support may have ended, but apparently there is supposed to be one final update for the Pixel 3 in early 2022. From androidcentral
Not a member yet? Register Now
Microsoft Defender for Windows is getting a massive overhaul
Kaspersky’s stolen Amazon SES token used in Office 365 phishing
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


Article Categories:
Cybersecurity News

Comments are closed.