The August 2021 Android Security Bulletin fixes several security vulnerabilities affecting various hardware components and software issues. Another security patch level, 2021-08-05, is included in this month’s security update, that addresses 24 vulnerabilities impacting Qualcomm closed-source components, Widevine DRM, MediaTek components, and Kernel components, among other things. The most serious of the newly addressed vulnerabilities is a use-after-free vulnerability that could allow a threat actor to execute any command with the privileges of the kernel if successful. An attacker who successfully exploited these vulnerabilities could potentially gain complete control of an administrator account, allowing him to perform malicious actions on behalf of the account as if it were a privileged user.
According to Google’s advice, the most serious issue is the Media Framework vulnerability, which if exploited may allow a local malicious programme to acquire access of isolated application data, entirely evading operating system safeguards. The vulnerability does not render the affected devices useless; rather, it compromises their integrity if the vulnerability is exploited. The latest security patch (2021-08-01) issued at the beginning of the week addresses three high-severity vertical privilege escalation flaws in Framework, two elevation of privilege issues, and three information exposes vulnerabilities in System.
It is possible that the user could be exposed to malicious software, custom data, or unauthorized accounts with full administrative capabilities if the privileges and functionality provided by this program are not sufficient to prevent a threat actor from attacking them. Three other vulnerabilities, all rated as moderate severity, were also fixed in the August 2021 Android Security Bulletin, the company said. Qualcomm’s closed-source components were found to contain other vulnerabilities that have not yet been reported