True to its schedule, Google shared earlier this month its monthly security bulletin for Android. As usual, the Mountain View firm is tackling a large package of flaws since no less than 33 vulnerabilities have been fixed via the August update, which will arrive at the latest in the coming weeks according to the pace of deployment of each manufacturer.
Some of the fixes include issues related to the Media Framework, allowing a local malicious application to deviate from operating system protections.
33 vulnerabilities fixed in August on Android
Google has shared the new security bulletin for Android, which lists all patches released on smartphones using a sufficiently recent version of the operating system. The 33 vulnerabilities addressed affect various android buckets, including the multimedia framework, os kernel, MediaTek, and Qualcomm.
Thus, 28 serious flaws and five reviews have been corrected. They mainly affect issues related to privileged scaling (which allows an attacker to access sensitive settings) and the theft of data on the smartphone.
The flaws of the multimedia framework in the viewfinder
As has been the case before, the biggest threat comes from two spots in the Media Framework component that can allow a local malicious application to deflect operating system protections and isolate data from other applications. The vulnerability allowed an attacker to execute any command and take control of an administrator account.
Google clarifies that the affected devices are not unusable but that their integrity is strongly compromised if the vulnerability is exploited.