Project of AEREZONA DEVELOPERS. Contact Us at: +92-300-3308001 email at: [email protected]
HomeTech NewsCybersecurityPatchday: Attackers could escalate their rights on Android 10 to 13

Patchday: Attackers could escalate their rights on Android 10 to 13

Published on

- Advertisement -

Important security updates close some critical gaps in various Android versions.

 

If you own an Android device, you should make sure that the software is up to date. Otherwise, devices are vulnerable and attackers could access data without authorization or gain higher user rights. The current security patch level that can be read in the settings is 2022-10-05.

- Advertisement -

 

According to a warning message, Google released security patches for Android 10, 11, 12, 12L and 13 on patch day in October. In addition to Google, LG and Samsung, among others, also provide monthly security updates (see box on the right). Unfortunately, there is still no guarantee that all Android devices on the market will receive the patches.

Google classifies a vulnerability in the framework as the most dangerous. It is not clear from the description which gap this is. If attacks are successful, attackers should have higher user rights. No additional execution rights should be required for an attack.

If attackers successfully target security gaps in the media framework and system, they could access information that is actually inaccessible. DoS attacks are also conceivable. Other vulnerabilities in the kernel and kernel components could serve as a springboard for attackers to escalate their privileges.

- Advertisement -

In addition, attackers could exploit vulnerabilities in MediaTek and Qualcomm components, among others. Below that is a “critical” WLAN vulnerability (CVE-2022-25720). A memory error (out of bound) could occur at this point. Attackers can usually use this to run malicious code on devices.

As a post shows, Google’s Pixel series gets additional security updates. These include two vulnerabilities classified as critical in the kernel and trusty components.

 

Android patch day

In addition to Google, other manufacturers regularly release security patches – but mostly only for a few product series. Devices from other manufacturers receive the updates much later or, in the worst case, not at all.

  • BlackBerry
  • Fairphone 3
  • Huawei
  • LG
  • Motorola
  • Nokia
  • Samsung
  • Sony
  • Support for Nexus and Pixel devices
  • oppo

 

- Advertisement -

Latest articles

US bans sale of new Huawei and ZTE devices over “national security risk”

The United States Federal Communications Commission (FCC) sanctioned last Friday (25) a decision that...

How to save photos that disappear from WhatsApp

Although the implementation of the time limit on the photos sent on WhatsApp was...

More like this