Android Security Bulletin Analysis (October 2021)

2021-10-01 security patch level vulnerability details

Android runtime

CVE-2021-0703

Framework

CVE-2021-0652

  • VectorDrawable中的条件竞争问题

CVE-2021-0705

  • 利用通知实现后台限制绕过,细节待分析

CVE-2021-0708

  • 同上个月公告的CVE-2021-0683,不知道为何又放了一遍

CVE-2020-15358

  • sqlite的两个漏洞CVE-2020-15358和CVE-2020-13871

CVE-2021-0702

CVE-2021-0651

Media Framework

CVE-2021-0483

System

CVE-2021-0643

  • SubscriptionManager.getAllActiveSubscriptionInfoList接口会泄露ICCID

CVE-2021-0706

  • SystemUI中的DISABLE_PLUGIN动态广播接收器添加权限
     filter.addAction(Intent.ACTION_PACKAGE_CHANGED);
     filter.addAction(Intent.ACTION_PACKAGE_REPLACED);
     filter.addAction(Intent.ACTION_PACKAGE_REMOVED);
+    filter.addDataScheme("package");
+    mContext.registerReceiver(this, filter);
     filter.addAction(PLUGIN_CHANGED);
     filter.addAction(DISABLE_PLUGIN);
     filter.addDataScheme("package");
+    mContext.registerReceiver(this, filter, PluginInstanceManager.PLUGIN_PERMISSION, null);
     mContext.registerReceiver(this, filter);
     filter = new IntentFilter(Intent.ACTION_USER_UNLOCKED);
     mContext.registerReceiver(this, filter);

2021-10-05 security patch level vulnerability details

System

CVE-2021-0870

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注