Google Fixes Critical Remote Escalation Vulnerability in Android 12 in Latest Security Patch

Google’s latest batch of monthly security updates addresses a critical Android 12 vulnerability, among other flaws.

The vulnerability, tracked as CVE-2021-39675, is found in an OS system component and can be leveraged by attackers to elevate their privileges remotely, without user interaction and further execution privileges, according to Google’s security bulletin.

Although the company offered few details of the flaw, it referenced an Android wireless NFC code source-level change that implements an additional check, ensuring that a size parameter is well within its limits.

The Google security updates also patch five other high-severity system component vulnerabilities, including a Denial of Service (DoS) flaw in Android 10 and 11, and privilege escalation in Android 11 and 12.

On top of that, security researchers identified five critical Android Framework privilege escalation vulnerabilities, two MediaProvider flaws, and four high-severity Media Framework bugs - all patched through Google Play system updates.

Last but not least, the security update roll-out patched four more bugs on Pixel devices, including two high-severity camera and battery functioning issues and two moderate kernel-level Qualcomm code flaws.

The security bulletin includes a summary of mitigations that users can apply to reduce the likelihood of vulnerabilities being exploited on their devices:

• Update to the latest version of Android where possible, as the latest OS enhancements can efficiently curb the incidence of these attacks
• Don’t install apps from untrusted sources; Google Play Protect is enabled by default on devices with Google Mobile Services and can protect your device from malicious apps

Google Pixel owners will be among the first to retrieve and apply the monthly security update rollout. This February series of patches is the last official Google Pixel 3 update. After this rollout, Pixel 3 and Pixel 3 XL owners will no longer get security and Android version updates as the devices officially reach their end-of-support threshold.