The February 2022 Android security updates are out, and two critical vulnerabilities affecting Android 12 and Android devices with Qualcomm devices have been fixed. One of these was a critical remote privilege escalation issue that didn’t require any user interaction. Flaws like these allow remote attackers to get full access to your device remotely.
This works by an attacker finding a weak point in the system, allowing them just enough access to the hardware or data that they need. Once they gain this basic level of access, they can exploit vulnerabilities like these to gain more access, escalating their privileges to access more sensitive data.
The remote escalation vulnerability was tracked as CVE-2021-39675 and carried a ‘critical’ rating, affecting only Android 12 devices. The other critical vulnerability was CVE-2021-30317 affecting a Qualcomm closed source component, affecting only devices using Qualcomm’s hardware.
Flaws like CVE-2021-39675 are often exploited by spyware vendors who independently find and use these zero-days. However, according to Google, no signs of active exploitation were seen in this case.
February Fix update
Overall, Google fixed 33 bugs in this update. Here’s a breakdown of everything that got fixed.
- Five highly severe bugs in Framework.
- Four highly severe bugs in Media Framework.
- Six highly severe and one critical flaw in System.
- Two bugs of undefined severity in MediaProvider.
- One high severity bug in Amlogic components.
- Five high severity bugs in MediaTek components.
- Three high severity bugs in Unisoc components.
- Five highly severe bugs in Qualcomm components. Additionally, five high severity and one critical bug fixed in Qualcomm Closed-source components.
Technical details about the vulnerabilities aren’t available now since Android updates usually take a couple of months to reach the masses. Especially considering the fact that vendors further work on these updates to bundle them separately for each model. The exception is Google’s own Pixel lineup. All Pixels from 3a up to 6 Pro are already receiving these updates.
Another thing to keep in mind is that the updates released this month are only concerned with Android 10, 11 and 12. If you’re on an older Android version, it’s high time to upgrade as your device is no longer covered under Google’s security updates.