This vulnerability of the operating system has to do with the Linux kernel on which the Internet giant’s software is developed. This flaw is registered under the name CVE-2021-22600 and is related to a permissions error that cybercriminals have taken advantage of to gain local access to devices.
a serious problem
It was the researchers of the American company itself who uncovered this Linux problem and provided a solution to Linux developers. However, this remedy has taken a few months to reach Android to eradicate and put an end to this issue.
Last April, CISA (Certified Information Systems Auditor) warned that this system fragility was being used and exploited to execute malware attacks. In fact, it was included in what they call “Catalog of Known Exploited Vulnerabilities.
It is not entirely clear how hackers have taken advantage of this gap, but everything indicates that they used it to obtain permissions on the system. We must remember that for some versions of Android, the permissions have become stricter, something that will also enhance the future version of the software.
This makes it somewhat difficult for anyone to acquire the necessary permissions to carry out advanced functions. Precisely for this reason, it is conceivable that they have taken advantage of this situation to obtain higher-ranking privileges.
Other Android fixes
Through the security bulletin distributed by Google this May, where they also confirm that the CVE-2021-22600 error may be subject to limited and targeted exploitation, other issues have appeared that the American company has also resolved.
- Four privilege escalation bugs and one information disclosure bug in the Android Framework.
- Three privilege issues, two information disclosure issues, and two denial of service issues.
- Three permissions failures and one information failure in kernel components.
- Up to three high severity vulnerabilities in MediaTek processors.
- 15 high security bugs and one critical bug in Qualcomm processors.
It is necessary to point out that these corrections are part of the security patch released yesterday and not the first one published on the first day of May. Even so, users must wait, since they will not come into force until the first security patch next month, whose launch is scheduled for June 1, 2022. Be careful, because those whose smartphone uses Android 9 or lower, will not will be able to update to this version, so you should update your mobile phone software as much as possible before it’s too late.