Vulnerabilities in Android OS Allow for Remote Code Execution

by | Apr 7, 2021 | Advisories

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE: There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Android OS builds utilizing Security Patch Levels issued prior to April 5, 2021.

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: Low

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution within the context of a privileged process. Details of these vulnerabilities are as follows:

  • Multiple vulnerabilities in Framework that could allow for Escalation of Privileges (CVE-2021-0400, CVE-2021-0426, CVE-2021-0427,  CVE-2021-0432, CVE-2021-0438, CVE-2021-0439, CVE-2021-0442)
  • Multiple vulnerabilities in Framework that could allow for Information Disclosure (CVE-2021-0443, CVE-2021-0444)
  • Multiple vulnerabilities in Media Framework that could allow for Escalation of Privilege (CVE-2021-0437)
  • Multiple vulnerabilities in Media Framework that could allow for Information Disclosure (CVE-2021-0436, CVE-2021-0471)
  • Multiple vulnerabilities in System that could allow for Remote Code Execution (CVE-2021-0430)
  • Multiple vulnerabilities in System that could allow for Escalation of Privilege (CVE-2021-0429,  CVE-2021-0433, CVE-2021-0445, CVE-2021-0446)
  • Multiple vulnerabilities in System that could allow for Information Disclosure (CVE-2021-0428, CVE-2021-0431, CVE-2021-0435)
  • Multiple vulnerabilities in Kernel Components that could allow for Escalation of Privilege (CVE-2020-15436)
  • Multiple vulnerabilities in Kernel Components that could allow for Information Disclosure (CVE-2020-25705)
  • Multiple high severity vulnerabilities in MediaTek components (CVE-2021-0468)
  • Multiple critical severity vulnerabilities in Qualcomm components (CVE-2020-11210)
  • Multiple high severity vulnerabilities in Qualcomm components (CVE-2020-11191, CVE-2020-11236, CVE-2020-11237, CVE-2020-11242, CVE-2020-11243, CVE-2020-11245, CVE-2020-11246, CVE-2020-11247,  CVE-2020-11251, CVE-2020-11252, CVE-2020-11255)

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.
  • Remind users to only download applications from trusted vendors in the Play Store.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.

REFERENCES:
Google Android:
https://source.android.com/security/bulletin/2021-04-01

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0471