Google Patches ‘Critical’ Android Flaws

Google has patched a serious Android bug that could allow remote attackers to execute malicious code on devices running the software.

The bug, which affects the Media framework in Android versions 6.x Marshmallow to 8.1 Oreo, involves the use of a specially crafted file and can execute arbitrary code within the context of a privileged process.

Google ranked the issue as ‘critical’ based on the effect exploiting it would have if mitigations were turned off or bypassed. Security software such as Google Play Protect can block attacks attempting to exploit the bug.

The company said it wasn’t aware of any reports that the bug or the others released in its March security update were being actively exploited.

The Pixel XL 2. Credit: Google

Eleven ‘critical’ flaws

Google’s Android Security Bulletin for March lists a total of 37 vulnerabilities, 11 of which are ranked as critical, including four affecting the Media framework.

Three of those bugs allowed remote code execution, with the fourth permitting attackers to obtain higher privileges, and thus to penetrate more deeply into the system.

Four bugs in the Android System allow attackers to execute remote code, as do two affecting Qualcomm components. Issues affecting Kernel and Nvidia components were considered less severe, with some allowing local malicious applications to execute code.

Google said it would release updated factory images for Pixel and Nexus devices immediately, with over-the-air (OTA) updates set to follow soon. Updates from other device manufacturers usually follow some time after Google’s initial patches.

Users who don’t want to wait for the OTA updates can manually apply the images to their devices using desktop-based software.

Google said it would release the patches to the Android Open Source Project (AOSP) repository within the next 48 hours.

What do you know about mobiles past and present? Try our quiz and find out!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Russia Seeks To Fine Google, Meta On Annual Turnover

Russian regulator applies to court to fine US tech giants percentage of annual Russian turnover,…

3 hours ago

The Business of the Metaverse

Is Facebook’s vision of the Metaverse a realistic proposition for businesses? Silicon UK spoke to…

6 hours ago

Apple Loses Engineering Director From Car Project

Another departure of a major figure from Apple's much delayed Car project, as director of…

21 hours ago

Former Google Scientist Timnit Gebru Founds AI Institute

One year after her controversial exit from Alphabet's Google, AI scientist Timnit Gebru launches small…

23 hours ago

Apple Shares Dip Amid Slowing iPhone 13 Demand – Report

Worrying sign? Apple tells suppliers that consumer demand for the iPhone 13 has slowed, ahead…

1 day ago