Two high-risk vulnerability warnings in Google Android

1. Basic situation

Google recently issued a security bulletin that fixes multiple security vulnerabilities in Google Android. Among them, CVE-2021-0475 and CVE-2021-0489 are difficult to exploit, and the vulnerabilities are more harmful. Attackers can use these vulnerabilities to achieve remote code execution or to escalate local privileges. Affected users are advised to apply the patches promptly, review their own assets, and take preventive measures against attacks.



2. Vulnerability level

High risk

3. Vulnerability description

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). It is mainly used in mobile devices such as smartphones and tablets.

1. Google Android System remote code execution vulnerability (CVE-2021-0475)

The System component of Google Android 10 and 11 has a remote code execution vulnerability, which can be exploited by attackers to achieve remote code execution.

2. Google Android privilege escalation vulnerability (CVE-2021-0489)

Google Android has a privilege escalation vulnerability. It is caused by a missing bounds check in the memory management driver, which may lead to an out-of-bounds write. Attackers can use this vulnerability to escalate local privileges.

4. Scope of impact

1. CVE-2021-0475

Google Android 10

Google Android 11

2. CVE-2021-0489

Google Android

5. Security recommendations

The vulnerabilities have been officially fixed, and affected users are advised to install the patch as soon as possible.

https://source.android.com/security/bulletin/2021-05-01

6. Reference link

https://source.android.com/security/bulletin/2021-05-01


Source: Beijing Qihoo Technology Co., Ltd., Sangfor Technology Co., Ltd.

