Vulnerabilities discovered by Google can lead to remote code execution or elevation of privilege, without attackers needing significant privileges to begin with.
If you have a smartphone or tablet running Android 10, 11, 12 or 12L, it is essential to update your system. Google has just published its security bulletin for the month of June, and the haul is substantial. The company fixes no fewer than 41 vulnerabilities, five of which are considered critical. The only consolation: none is a zero-day, and attackers do not appear to have exploited them yet.
Of these five vulnerabilities, two can lead to remote code execution (RCE) and two can lead to elevation of privilege (EoP). Three flaws affect the system and another concerns the multimedia components. They could be exploited through malicious software (malware) installed by way of seemingly harmless applications.
The CVE-2022-20210 vulnerability concerns communication chips produced by the Chinese company Unisoc, which are present in approximately 11% of Android devices according to our colleagues at Bleeping Computer. They are found, for example, in low-end smartphones and in ruggedized models. The vulnerability, discovered by Check Point researchers, shows that it is possible to disrupt the device's radio communications system by sending it a malformed data packet.
It is therefore essential to update your smartphone or tablet. The update is normally installed automatically, but you can trigger it manually from your device's system settings. Note that the patches were released in two waves. So if you already installed an update at the beginning of the month, it is advisable to check whether a second batch is available.