Android November updates: numerous patches released; 5 critical

Published 11/11/21, 9:00am

The November 2021 Google Android security updates contained patches for a number of vulnerabilities, five of which were deemed critical. The patches cover issues in the frameworks, systems, kernel components, Android TV, and other Android components from external suppliers.  

The five critical bugs are tracked as CVE-2021-0918, CVE-2021-0930, CVE-2021-1924, CVE-2021-1975, and CVE-2021-0889 and involve system remote code execution (RCE), closed-source component vulnerabilities, and an Android TV remote service problem. Google also advises that another bug, tracked as CVE-2021-1048, is a high-severity issue affecting local escalation of privilege and may be under limited, targeted exploitation. Google did not provide any additional information on the attacks related to CVE-2021-1048, however, security researchers speculate that due to the nature of the bug, that the attacks currently underway may be coming from a state-sponsored threat actor for espionage purposes.

Next Steps

Android device users are urged to update devices to the latest version of the Android platform where possible. Businesses are also reminded that any vulnerable device connected to business systems poses a risk to the enterprise.