Android security update for October 2021

Google has released the latest Android operating system security update for the month of October 2021. The announcement of the security update was made yesterday, and the updated security update will be made available through the Android Open Source Project (AOSP) repository within two days of the announcement.

Previous to this security update of 5th October, Google had rolled out another security update on 1st October 2021. Together, both security updates seek to address serious and exploitable vulnerabilities on the Android eco-system.

Current month’s update of the Android Open Source Project (AOSP) fixes multiple vulnerabilities. The fix contains resolution of vulnerabilities that included 3 Critical vulnerabilities and 38 High impact vulnerabilities for the potentially affected Android devices. Below, we will look at the critical and high impact vulnerabilities with the different scopes of the affected Android Open Source Project.

Vulnerabilities resolved through Android update of 1st October, 2021?

Android security update for the month of October 2021 contains fixes for multiple vulnerabilities that are listed below alongside the affected component of the Android operating system. Below we list the ten vulnerabilities that have been addressed through the security update of October 1st, 2021. All these carry HIGH impact for the potentially affected devices.

1. Android Runtime – one HIGH impact vulnerability – CVE-2021-0703. This vulnerability only affects the Android 11 update and has been fixed in the Android 11 security update.
2. Android Framework – six HIGH impact vulnerabilities – CVE-2021-0652, CVE-2021-0705, CVE-2021-0708, CVE-2021-0702, CVE-2021-0651 and CVE-2020-15358.
3. Android Media Framework vulnerabilities resolved in October 2021 – one HIGH impact vulnerability – CVE-2021-0483 that has been mitigated for the Android 10 and Android 11 operating systems.
4. Android System – two HIGH impact vulnerabilities affect the System component. These vulnerabilties are the CVE-2021-0643 and CVE-2021-0706.

Vulnerabilities resolved through Android update of 5th October, 2021?

The subsequent update of 5th October, 2021 address 3 critical vulnerabilities on the Android operating system.

1. Android System – one critical vulnerability that has the potential risk of a remote code execution has been fixed for the Android operating systems 8.1, 9, 10 and 11. The vulnerability has been published under CVE-2021-0870.
2. Qualcomm components – two critical vulnerabilities on the QUALCOMM WLAN components have been resolved for the Android operating system. These vulnerabilities were first detected in 2020. The vulnerabilities have been fixed under CVE-2020-11264 and CVE-2020-11301.
3. Android Kernel – six HIGH impact vulnerabilities have been fixed for the Kernel.
4. Android Telecommunication – one HIGH impact vulnerability that affects the telecommunication stack on the Android operating system has been mitigated for the modem on the phone.
5. Qualcomm Components – Aside from two critical vulnerabilities on Qualcomm, there have been 32 other HIGH impact vulnerabilities that have been fixed for multiple Qualcomm components. 21 of these Qualcomm components are closed-source components and hence any details pertaining to these vulnerabilities are unlikely to publicly released.

How can I get the latest Android security update for the Android Open Source Project or AOSP?

Google will begin patching the Android operating systems on the Pixel phones. Other Android phones will get the updates through the mobile phone manufacturers. So, if you have a Samsung phone, you will get the security update through Samsung.