The updates, for Android versions 10, 11 and 12, are detailed in Google’s Android Security Bulletin. Among the most severe security vulnerabilities receiving updates are CVE-2022-20130, a vulnerability in Android’s Media Framework that could lead to arbitrary code execution, allowing an attacker to run commands with no additional privileges needed, and CVE-2022-20210, a critical vulnerability in Unisoc chip firmware that allows attackers to remotely crash phones, leading to denial of service or remote code execution.

Unisoc is the fourth largest smartphone chip manufacturer in the world, accounting for an 11% share of the global market, with Unisoc chips used in millions of Android devices, particularly in Africa and Asia.

A successful remote code execution attack could provide attackers with complete control of the Android device and all information on it, putting the user’s privacy at risk.

The Android security updates also fix three critical security vulnerabilities in Android’s system components. These are CVE-2022-20127, CVE-2022-20140 and CVE-2022-20145, a series of vulnerabilities in Android System that could lead to local escalation of privileges with no additional execution privileges needed. These vulnerabilities could enable attackers to plant malware on the device, putting the user at risk of data theft or of their device being secretly monitored with spyware.

Alongside providing security updates for five critical vulnerabilities, Google’s Android Security Bulletin for June 2022 also delivers fixes for 36 other vulnerabilities, all rated as high severity.

While there’s currently no evidence that any of these vulnerabilities are being exploited in the wild, Android users are urged to apply the updates as soon as possible in order to protect their smartphones, and themselves, from attackers looking to exploit them.

