Android users should download a critical security patch that Google just released. The latest May 2022 security update fixes an Android vulnerability that was being actively exploited, with the flaw first discovered by Google researchers in January. It’s unclear exactly what threat the vulnerability poses, but it took Google months to roll out a patch to address the issue.
The flaw, which has been tagged CVE-2021-22600, is a Linux kernel vulnerability that hackers can exploit with local access.
It has been given a severity rating of 7.8 by the National Vulnerability Database (NVD), which means it is classified as a “high” risk threat.
The fix for the dangerous Android vulnerability was released as part of the latest May 2022 security update.
In the release notes for the download, Google confirmed that “there are indications that CVE-2021-22600 may be subject to limited and targeted exploitation.”
The latest security patch brings more than two dozen fixes in total, including fixes for one critical flaw and 18 high-severity flaws.
Among the fixes included in the new update is the long-awaited fix for CVE-2022-0847, popularly known as the “Dirty Pipe” exploit.
This vulnerability, which is one of the biggest Linux flaws in years, allows an unprivileged user to overwrite data that is supposed to be read-only. It can also be used to escalate privileges.
The fix for the flaw, which was first discovered in March, has been a long time coming – Samsung released a patch to tackle this threat last month.
In this rare scenario, the Galaxy maker beat Google by a month in releasing a patch for the Android flaw.
Of the issues addressed in the latest patches, Google says, “The most serious of these issues is a high security vulnerability in the Framework component that could lead to local elevation of privilege with necessary user execution privileges. Severity rating is based on the effect exploiting the vulnerability would potentially have on an affected device, assuming platform and service mitigations are disabled for development purposes or bypassed with success.”
To make sure your phone has the latest version of Android installed, go to your phone’s Settings app. Then tap System followed by System Update.
You will then be able to see the status of your update. Just follow the onscreen steps to make sure your phone is up to date.