Google Patches 77 Security Holes in Android
The August patchday brings fixes for five critical vulnerabilities. All supported Android versions up to and including Android 12 and 12L are vulnerable. Samsung starts distributing the August updates already in July.
Google has released the August updates for its Android mobile operating system. The Android Security Bulletin lists 37 vulnerabilities, one of which is rated critical. The Pixel Update Bulletin lists another 40 vulnerabilities. Here, the developers rate four vulnerabilities as critical.
All supported Android versions are affected, from Android 10 to Android 12 or 12L. The errors are found in the Framework, Media Framework, System and Google Play System components. In addition, the Android file system and components from Imagination Technologies, MediaTek, Unisoc and Qualcomm are vulnerable. The patches are intended to prevent unauthorised escalation of user privileges, disclosure of confidential information and denial-of-service attacks, among other things.
The highest severity level, “critical”, is assigned to a bug in the Android system. However, it only occurs under Android 12 and 12L. An attacker may be able to remotely inject and execute malicious code.
Samsung starts August patchday in July
With the Pixel update, Google continues to distribute fixes for components such as the kernel and modem. Again, Google warns of possible unauthorised privilege escalation, theft of confidential data and remote code execution.
Google’s Android partners have had the details of the updates available for at least 30 days. The Android Open Source Project will also have access to the bug fixes shortly, according to Google. Google is distributing the fixes to its Pixel devices over-the-air. However, current firmware images are also available for download on Google’s developer website.
Besides Google, Samsung, Huawei, LG, Motorola, Nokia, OnePlus and Oppo also publish regular security updates for their Android devices. Samsung has already been distributing the August patches for the flagship models Galaxy S20, Galaxy S21 and Galaxy S22, among others, since last week. However, depending on the manufacturer and product, it can take up to several months for the August patches to reach all update-eligible devices.