Google has released the Android Security Bulletin for November 2021 with patches for 36 vulnerabilities, including five High-risk bugs and one zero-day being exploited in the wild.
According to the Android security update, two of the most severe vulnerabilities (CVE-2021-0918 and CVE-2021-0930) are in system components and could allow “a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.”
CVE-2021-0918 affects Android Open Source Project (AOSP) version 12, whereas CVE-2021-0930 impacts AOSP versions 9, 10, 11, and 12.
Moreover, Google warned that one High severity vulnerability (CVE-2021-1048) “may be under limited, targeted exploitation.” This vulnerability could lead to a local escalation of privilege due to a use-after-free flaw in the Kernel component of Android.
Additional fixed Critical vulnerabilities worth noting include the following flaws:
- CVE-2021-0889: Remote code execution in Android TV Remote Service.
- CVE-2021-1924: Qualcomm closed-source components.
- CVE-2021-1975: Qualcomm closed-source components.
Users can check their device’s security patch level by following the Google support article “Check and update your Android version.”