fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Android November Patch Fixes Actively Exploited Kernel Bug

Android November Patch Fixes Actively Exploited Kernel Bug

Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components.

Among the fixes, there’s one that plugs CVE-2021-1048, a local escalation of privilege caused by a use after free weakness, which, according to Google, is under limited, targeted exploitation.

Not many technical details have been released around this flaw yet, as original equipment manufacturers (OEMs) are currently working on merging the patch with their custom builds, so most Android users are vulnerable.

Also Read: 4 Easy Steps To Create Privacy Management Plan For Business

Five critical issues

The most severe issues addressed by the November 2021 patch are two critical System remote code execution (RCE ) bugs tracked as CVE-2021-0918 and CVE-2021-0930.

These flaws enable attackers to execute arbitrary code within the context of a privileged process by sending a specially crafted transmission to the target device.

Two more critical flaw security flaws addressed with this month’s patch are those for CVE-2021-1924 and CVE-2021-1975, both impacting Qualcomm components.

The fifth critical flaw fix lies in Android TV’s “remote service” component and is an RCE tracked as CVE-2021-0889.

Exploiting this flaw would enable an attacker near the device to execute code without privileges or user interaction.

Also Read: What Is Governance Structure: Fundamentals for Gov’t Success

How Android patch levels work

As a reminder on how Android patch levels work, Google releases at least two of them each month, and for November, it’s 2021-11-01, 2021-11-05, and 2021-11-06.

Those who see an update alert marked as 2021-11-01, it means that they will get the following:

  • November framework patches
  • October framework patches
  • October vendor and kernel

Those who see either 2021-11-05 or 2021-11-06 patch levels will receive all of the above, plus the November vendor and kernel patches.

This is the first security patch for the recently-released Android 12, but many of the fixes go back to versions 11, 10, and 9, depending on the scope of the addressed vulnerabilities.

If you are using older Android versions, you are not covered by this patch level, and your device is vulnerable to yet one more actively exploited flaw.

Finally, this is the first patch level not delivered to Pixel 3, which marks the official end of support for one of Google’s most beloved devices.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us