It seems that lately there is not a week that we can breathe easy. We know that our smartphones are exposed to all kinds of risks but, for some time now, we have not stopped receiving news of security flaws in Android that expose our private data and make it available to anyone (with sufficient knowledge).
In recent hours, the Microsoft 365 Defender research team has warned of a series of security flaws in Google’s operating system that allow cybercriminals to control our smartphone, not only without our consent, but even without us knowing. . These vulnerabilities have been classified as highly serious as they affect a large number of users, specifically, millions of us.
A serious danger to the user
It has been a long time since this serious problem has been active. It has been undetected since September of last year, during which time it has been used by hackers with sufficient knowledge to carry out serious attacks against devices , which, unfortunately, has ended up resulting in theft of data and credentials, as well as in the remote control of a large number of telephones.
The notice reads like this:
Microsoft discovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks. The vulnerabilities are being tracked as CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601, with severity scores ranging from 7.0 to 8.9 out of 10.
Security alerts are typically categorized based on their risk to the user and their data compromise. The usual thing is that these vulnerabilities do not exceed 5 out of 10 in level of danger, which shows how serious these security cracks discovered in the Google operating system are.
And it is that, taking advantage of them, the attacker is allowed to create a back door to all our data, or worse still, to take substantial control over the affected device .
It has been fixed?
A spokesperson for the security company has already confirmed that the company fixed the vulnerability a few weeks ago and that it does not know the number of phones that could have been put at risk.
We work closely with the mce Systems engineering and security teams to mitigate these vulnerabilities. The company will send an urgent system framework update to fix these vulnerabilities to affected vendors and release fixes for the issues.
The bad thing is that, although Google has also intervened to update Play Protect to fight against these security breaches, the impact of them is unknown. Even if you are not aware, there could be hundreds of undiscovered providers affected by the flaw, including mobile repair shops that could have used applications with this vulnerability without realizing it, being unaware of this flaw.
For your part , there is nothing you can do, since it is something that does not depend on how the user uses the mobile, just trust that these companies have effectively ended the vulnerability… until another one appears.
