The June 2022 Android updates provide a remedy for a major RCE vulnerability
It’s the first Monday of the month, which means a new Android Security Bulletin is out. Google released the Android Security Bulletin for June 2022 right on time and has also begun pushing out fresh updates to all currently supported Pixel smartphones. In addition, the update for Pixel phones includes the latest Pixel Feature Drop in the form of the first stable release of Quarterly Platform Release (QPR) 3.
Google has released security patches for Android devices running OS versions 10, 11, and 12 in June 2022, which address 41 vulnerabilities, five of which are classified as serious.
The security update is divided into two parts, delivered on June 1 and June 5 respectively. The first contains Android system and framework fixes, while the second contains the kernel and third-party vendor closed-source component upgrades.
CVE-2022-20210, a remote code execution weakness that threat actors can exploit without meeting stringent requirements, stands out among the five major vulnerabilities patched this month.
Remote code execution issues are especially dangerous since they can lead to data leakage, high-level system compromise, and device takeover.
Fixes for CVE-2022-20140 and CVE-2022-20145, both critical-severity escalation of privilege problems, are two other key patches that arrived with the initial patch level. Malware that has infiltrated a device via a low-privilege pathway, such as a seemingly innocuous application the user installs, generally exploits vulnerabilities of this kind to increase its execution privileges.
CVE-2022-20130, a serious weakness in the Media Codecs component, is the fourth significant flaw addressed by the “June 1 2022” patch level. The fix for the fifth critical flaw only affects Unisoc chips, hence it’s only available with patch level “June 5 2022.”
This vulnerability, dubbed CVE-2022-20210, was found earlier this month by Check Point researchers, who determined that a faulty packet could be used to disable the device’s radio connectivity.
Unisoc makes up roughly 11% of the Android market, and is largely found in low-cost or rugged devices utilized by the military and others. Even though none of the vulnerabilities above is currently known to be actively exploited, it is critical to apply the applicable update as soon as it becomes available for your device.