UPDATED 16:05 EDT / JUNE 02 2020

Google patches two critical Android vulnerabilities that facilitated remote attacks

Google LLC’s June update for its Android operating system contains fixes to a pair of critical vulnerabilities that could enable hackers to remotely deploy malicious code on a victim’s mobile device.

Google releases monthly patches for Android to mitigate security issues periodically found in the platform. The June update, released Monday, fixes a total of 34 flaws. The two remote code execution issues ranked by Google’s Android security team as “critical” were detailed today in an advisory from the U.S. government-backed Multi-State Information Sharing and Analysis Center.

Attackers can use the vulnerabilities to target devices remotely using “multiple methods such as email, web browsing, and MMS when processing media files,” the advisory reads. “Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The vulnerabilities affect the System component of Android in versions 8 to 11 of the platform, the three most recent releases. The same component also contained two other security flaws with a lower severity of “high.” According to a Google security bulletin, the latter issues have been fixed too as part of the June update.

Most of the 30 other vulnerabilities resolved in the patch affect smartphones with components from Qualcomm Inc., a major processor supplier and the top maker of mobile modem chips. Two of those issues are also ranked as critical, but the search giant didn’t provide a detailed description.

The update follows hot on the heels of researchers disclosing StrandHogg 2.0, an Android vulnerability that allowed hackers to steal victims’ data by hijacking legitimate apps. The exploit made it possible for malware to place a malicious overlay on top of an app’s interface to intercept passwords and other input typed by the user. Google released a fix in May. 

Google doesn’t push security updates directly to users but rather shares them with Android handset makers, which in turn have the responsibility of patching their devices. The search giant helps get fixes to consumers faster by notifying partners of vulnerabilities at least a month before the public disclosure. The next version of Android, Android 11, has a feature called Project Mainline that aims to speed up patch rollouts even further by enabling users to download security updates directly from the Play Store.

Vulnerabilities are periodically also discovered in Apple Inc.’s rival iOS. Only this week, Apple issued an emergency patch for a recently discovered flaw that made it possible to jailbreak iPhones and iPads to install third-party software from sources other than the App Store.
