CERT-In Vulnerability Note
CIVN-2021-0227
Multiple Vulnerabilities in Android OS
Original Issue Date: September 14, 2021
Severity Rating: HIGH
Software Affected
- Google Android Versions 8.1, 9, 10, 11
Overview
Multiple vulnerabilities have been reported in Google Android which could be exploited by an attacker to execute arbitrary code, obtain sensitive information or gain elevated privileges on the targeted system.
Description
These vulnerabilities exist in Google Android due to flaws in the Framework Component, Media Framework, System Component, Kernel Component, MediaTek components, Unisoc components, Qualcomm components and Qualcomm closed-source components. They could enable a local malicious application to bypass the operating system protections that isolate application data from other applications, and to bypass user interaction requirements to gain additional permissions. They could also allow a local attacker to gain access to additional permissions using a specially crafted transmission, and may allow a remote attacker to cause a denial of service.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code, disclose potentially sensitive information, cause a denial of service and gain elevated privileges on the targeted system.
Solution
Apply appropriate software updates as provided by various device manufacturers:
https://source.android.com/security/bulletin/2021-09-01
Vendor Information
Android
https://source.android.com/security/bulletin/2021-09-01
CVE Name
CVE-2021-0428
CVE-2021-0595
CVE-2021-0598
CVE-2021-0635
CVE-2021-0636
CVE-2021-0644
CVE-2021-0680
CVE-2021-0681
CVE-2021-0682
CVE-2021-0683
CVE-2021-0684
CVE-2021-0685
CVE-2021-0686
CVE-2021-0687
CVE-2021-0688
CVE-2021-0689
CVE-2021-0690
CVE-2021-0691
CVE-2021-0692
CVE-2021-0693
CVE-2021-0695
CVE-2021-1886
CVE-2021-1888
CVE-2021-1889
CVE-2021-1890
CVE-2021-1909
CVE-2021-1923
CVE-2021-1933
CVE-2021-1934
CVE-2021-1935
CVE-2021-1941
CVE-2021-1946
CVE-2021-1948
CVE-2021-1952
CVE-2021-1971
CVE-2021-1974
CVE-2021-30290
CVE-2021-30294
CVE-2021-30295
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India