The Android Security Bulletin, released in June 2022, contains security fixes for 41 vulnerabilities, five of which are classified as serious.

CVE-2022-20130, a vulnerability in Android's Media Framework that could lead to arbitrary code execution, allowing an attacker to run commands with no additional privileges required, and CVE-2022-20210, a critical vulnerability in Unisoc chip firmware that allows attackers to remotely crash phones, leading to a denial of service or remote code execution, are among the most serious security vulnerabilities receiving updates.

A successful remote code execution attack gives attackers access to the Android device and all data on it, jeopardizing the user's privacy.

The Android security patches also address three serious security flaws in the system components of Android. These are CVE-2022-20127, CVE-2022-20140, and CVE-2022-20145, three Android System vulnerabilities that could lead to local privilege escalation with no extra execution privileges required. These flaws could allow attackers to install malware on the device, placing the user in danger of data theft or having their device secretly monitored with spyware.

Android’s Afrika dominance

According to available data, 7 out of 10 phones run on the Android OS, and 84 percent of all smartphones in Africa are Android-based. iOS headsets account for around 14 percent of all smartphones across the continent, with Samsung, Nokia, and KaiOS accounting for the remaining two percent or so.

Tanzania Communications Regulatory Authority (TCRA) reported 25 million internet users, which combined with Kenya Digital's 22.86 million internet users, equates to 46 percent and 43 percent internet penetration in 2020, indicating the need for an Android mobile application for mapping health facilities in both online and offline using Google Map API.

The adoption of Android is linked to access to key services in both the private and public sectors. With sensitive data being transmitted, it's easy to understand how unpatched vulnerabilities might be leveraged as backdoors to illegally obtain residents' data for malicious purposes.

iAfrikan advises all of our readers to update their Android OS promptly in order to patch the latest vulnerabilities.

Share this via