Android Monthly Updates Released – Serious Bugs Found in Critical Places! – Naked Security

Google’s May 2022 updates for Android expired.

As usual, the Android core received two different versions of the patch.

The first is called 2022-05-01It contains fixes for 13 numbered vulnerabilities.

Fortunately, none of them are currently exploited, which means that there are no known zero-day holes this month; None of them directly lead to remote code execution (RCE); None of them are marked as critical.

However, at least one of these vulnerabilities could allow a completely innocent-looking app (an app that doesn’t need special privileges at all when installed) to gain root-level access.

If you’re wondering why we don’t give specific CVE numbers for the most dangerous vulnerabilities, it’s because Google itself doesn’t state which vulnerabilities represent the risks, but instead just mentions the potential side effects ‘The most dangerous weakness’ In each group of insects.

The second tranche of updates has been dubbed 2022-05-05an official identifier that covers all the patches it provides 2022-05-01as well as 23 CVE-numbered errors in several parts of the operating system.

Components affected by these bugs include the Android kernel itself, along with several closed source software modules supplied to Google by device makers MediaTek and Qualcomm.

non-uniform spots

Ideally, Google wouldn’t split monthly updates apart in this way, but would provide one unified set of patches and expect to update all Android device vendors as soon as possible.

However, as the company admits in its prospectus, there “Two levels of security patch so Android partners have the flexibility to fix a subset of similar vulnerabilities across all Android devices more quickly.”

We can understand Google’s approach, which supposedly reflects the assumption that it’s best if everyone fixes at least something and some vendors fix everything…

…than if some sellers fixed everything but others didn’t fix anything at all.

However, Google notes this publicly We encourage Android partners to fix all issues in this bulletin and use the latest security patch.

In modern vernacular, we have seen on this subject simple and clear: +1.