Google published its June Android Security Bulletin on Monday, which details more than 40 security vulnerabilities affecting Android devices and related patches.
In the advisory, the tech giant explains that the most serious of these is a critical security flaw in a system component that could lead to remote code execution. [RCE] without additional execute privileges.
“Severity assessment is based on the impact that a vulnerability exploit can have on an affected device, assuming that platform and service mitigations are disabled for development purposes, or if successfully passed,” advises.
Tracked as CVE-2022-20127, this vulnerability can affect unpatched systems running Android versions 10, 11, 12, and 12L.
However, there are other RCE vulnerabilities mentioned in the bulletin, which can affect the Framework, Media Framework, and Kernel of certain Android devices, respectively.
In the document, Google also addresses vulnerabilities arising from certain manufacturers’ hardware, including components from MediaTek and Qualcomm, as well as Motorola’s Unisoc chip.
Security patch 2022-06-01 is reported to fix the 4 critical vulnerabilities mentioned above, along with 5 security flaws in the Framework, 13 in the System component, and another 18 in the Kernel components. , MediaTek, Unisoc and Qualcomm.
On the other hand, security patch levels 2022-06-05 (or later) address all issues related to security patch levels 2022-06-05 and all previous patch levels.
Google added that for some devices running Android 10 and above, the Google Play system update will have a date sequence that matches the 2022-06-01 security patch level.
While these vulnerabilities have been patched, security on Android is a broader issue. Recent data from Check Point shows how thousands of mobile apps were exposed to user data due to misconfiguration of the back-end cloud database in March.
More recently, the Cybersecurity and Infrastructure Agency (CISA) added 41 vulnerabilities to its list of known exploits, including two related to the Android system.