Google has fixed a critical vulnerability in Android 12 that could allow hackers to reach destination without user interaction. The company says in its February 2022 Android Security Bulletin that the flaw, marked as CVE-2021-39675, is “a critical vulnerability in the system component that could lead to remote elevation of privileges without the need for additional execution privileges.” The patch ships with the February Security Update.
Unlike iOS, which is a fully centralized operating system where Apple controls patches, most Android manufacturers have their own operating system sub-brands, meaning that not every manufacturer can release updates for their devices at the same time. Given that Google is developing Android, Google-made phones (like the Pixel 6) are among the first to receive this patch.
Still, Google is notifying its partners of newly discovered vulnerabilities a month before releasing any changes. Therefore, we can assume that other manufacturers will release the update soon, at least for high-end phone models.
Meanwhile, five other highly critical flaws in the system component that were found and patched were also listed. These flaws include privilege escalation bugs in Android 11 and 12, as well as denial of service flaws in Android 10 and 11.
Apart from that, Google also mentions five high-severity vulnerabilities in Android Framework component, four high-severity bugs in Media Framework, and two MediaProvider bugs which were fixed with Google Play updates.
Android users can check Settings > Software Update at the bottom of the menu to manually check for updates…
45488
