Google has started rolling out security fixes with its January 2021 security updates for Android devices. The latest security fixes will address 42 vulnerabilities in Android’s System component, 15 vulnerabilities in Framework, and over 19 vulnerabilities in Kernel, MediaTek, and Qualcomm components. Google has listed the details of all the security flaws that affect Android devices in its Android Security Bulletin and provided security patch levels of January 5, 2021, or later.
System Component Vulnerabilities
According to Google, the most severe critical security vulnerability, tracked as CVE-2021-0316, in the System component could allow a remote attacker to execute arbitrary code within the context of a privileged process. The other three flaws addressed in Android’s System component include two elevation-of-privilege issues and one information disclosure vulnerability.
“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” Google said.
Vulnerabilities in Framework
Apart from 15 severe flaws, the latest security patch level also fixed a critical denial of service (DoS) flaw, eight high-severity elevation-of-privilege bugs, four high-severity information disclosure issues, one high-severity DoS flaw, and one medium-severity remote code execution vulnerability in Framework components.
Vulnerabilities in Kernel, MediaTek, and Qualcomm
A total of 19 vulnerabilities in Kernel (three high-severity flaws), MediaTek (one high-severity issue), and Qualcomm components (six high-severity bugs) were fixed with the new security update.
In addition, Google released patches to fix vulnerabilities in its Pixel devices. The Pixel Update Bulletin addressed four severe bugs, including a high-severity elevation-of-privilege flaw in Framework (CVE-2020-27059), a moderate flaw (CVE-2021-0342) in Kernel components, a moderate flaw (CVE-2020-11160) in Qualcomm components, and one more flaw (CVE-2020-11161) in Qualcomm closed-source components.