Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components.
Among the fixes, CVE-2021-1048, a local escalation of privilege caused by a use after free weakness, which, is under limited, targeted exploitation.
The most severe issues addressed by the November 2021 patch are two critical System remote code execution (RCE) bugs tracked as CVE-2021-0918 and CVE-2021-0930.
These flaws enable attackers to execute arbitrary code within the context of a privileged process by sending a specially crafted transmission to the target device.
Two more critical flaw security flaws addressed with this month’s patch are those for CVE-2021-1924 and CVE-2021-1975, both impacting Qualcomm components.
The fifth critical flaw fix lies in Android TV’s “remote service” component and is an RCE tracked as CVE-2021-0889. Exploiting this flaw would enable an attacker near the device to execute code without privileges or user interaction.
Those who see either 2021-11-05 or 2021-11-06 patch levels will receive all the above, plus the November vendor and kernel patches.
This is the first security patch for the recently released Android 12, but many of the fixes go back to versions 11, 10, and 9, depending on the scope of the addressed vulnerabilities. If any old Android versions, you are not covered by this patch level, and your device is vulnerable to yet one more actively exploited flaw.
Finally, this is the first patch level not delivered to Pixel 3, which marks the official end of support for one of Google’s most beloved devices.