back to article Critical 'remote escalation' flaw in Android 12 fixed in Feb security patch batch

The February edition of Google's monthly Android security update tackles, among other vulnerabilities, an eyebrow-raising critical flaw in Android 12. That bug, CVE-2021-39675, is present in the mobile OS's System component, and can be abused to achieve remote escalation of privilege without the user needing to do anything at …

  1. _LC_

    "then there's four high-severity vulns in Media Framework"

    Bets are on! Next patch, high-severity vulnerabilities in the Media Framework.


    Save this thought for the next time Google is trying to school us on security.

    1. devin3782

      Re: "then there's four high-severity vulns in Media Framework"

      I save this thought every time Google tells me via their lighthouse tool my site is loading too slowly due to 3rd party JavaScripts and its their bloody analytics code/tag manager causing it! catch 22 anyone?

      1. John Brown (no body) Silver badge

        Re: "then there's four high-severity vulns in Media Framework"

        "its their bloody analytics code/tag manager causing it!"

        Have you considered following Googles advice and removing Google Analytics and Tags?

        1. devin3782

          Re: "then there's four high-severity vulns in Media Framework"

          I did, but sadly clients need their free analytics at the expense of their customers privacy

  2. Steve Graham
    Big Brother

    Extended support?

    My Nokia 5 is now out of support and gets no updates, so I've bitten the bullet and ordered a new, mid-range phone. I'm getting a Pixel 5a, mainly because it's got a decent spec and is not fecking ginormous, compared to most of its competitors. (I know the iPhone 13 mini is a handy size, but I will always stay clear of the Apple tar pit.)

    The new phone hasn't arrived yet, but I've already researched how to put LineageOS on it. In fact, I think I'll use the microG builds of LineageOS to put even more distance between Google and myself.

    1. devin3782

      Re: Extended support?

      There's always a Fairphone

    2. Piro Silver badge

      Re: Extended support?

      155mm tall is out of smartphone and in to phablet territory, and therefore fecking ginormous.

      That said, most devices seem to be huge these days, I guess people have bigger hands and pockets than they used to.

    3. Steve Graham

      Re: Extended support?

      If anyone's interested, the microG LineageOS build for the Pixel 5a installed and seems to be working perfectly.

      One minor hiccup was that when I booted Google Android for what was supposed to be the one and only time so that I could unlock the bootloader, the relevant option -- OEM unlocking -- was disabled. The internet suggested that this would go away if I put in a SIM and/or connected to wifi. I did both, and one or the other did the trick. (Now when I reboot the phone, it tells me that the unlocked bootloader is a security risk. I can put up with that.)

  3. Arthur the cat Silver badge

    Downloading now

    so it's available. [Pixel 5 in this case.]

  4. bryces666


    Pisses me off that I will soon have to replace a perfectly functional Samsung galaxy phone not because the hardware is failing or performing badly but because there are no longer any security patches. If I'd gone to the dark side (apple) it would still have been good for a couple more years. Maybe I suck up my aversion to the closed eco system this time and go the dark way as the price is about the same..

    1. heyrick Silver badge

      Re: obsolescence

      My renewal came up recently. I left Samsung and got myself a Mi10T.

      It's an interesting device. In order to keep the price down there's no wireless charging, no SD slot, no headphones (which is rather annoying, I don't like the USB dongle as the port looks fragile), and it's an LCD screen rather than OLED. However the heart of the device is the same chip as in the S20 (Snapdragon 865) which means it's pretty nippy in use, even capable of 8K video (which uses obscene amounts of storage).

      Sure, you're likely being tracked by the Middle Kingdom but I'm just a mere unimportant data point and honestly I'm not sure if that's better or worse than being tracked by corporate America.

      Anyway, Xiaomi (or however you spell it) are doing a reasonable job of delivering a useful device in a lower price bracket. I thought, as a person who watches a lot of Netflix, that the LCD would bug me (compared to AMOLED) and the tiny little hole in the corner would bug me too. But, honestly, they are both far less annoying and obvious than the horrible horrible visual artefacts in Amazon's Prime Video (the complete inability to manage sensibly graduated shades of near black pretty much ruined The Wheel Of Time for me).

      Anyway, if you want a device with a decent processor, it's no longer a Samsung vs Apple fight.

      1. Anonymous Coward
        Anonymous Coward

        Re: obsolescence

        are you serious about watching 8k movies, or any for that matter any real movies?

        PS hope you don't do any banking on that Mi10T

        1. John Brown (no body) Silver badge

          Re: obsolescence

          I remember when so-called "pocket" TVs were all the rage. I never had one with a tiny CRT, but did get my hands on a 2nd-hand LCD one at one stage, 35-40 years ago when I was younger and my eyes were less aged than they are now. The screen was 4:3, naturally, but as big or bigger than an average phone of today. It was barely useable for anything other than "talking heads" type TV. Anything else such as films or drama, it was simply too small and pretty much useless.

          Kids today think watching video on a tiny, barely legible screen while "on the move" is something new and ground breaking :-) On the other hand, it's a real use case for folding phones with larger screens, or better yet, roll out screens.

          1. heyrick Silver badge

            Re: obsolescence

            The LCDs were awful in those days. I had a 1 inch Sony Watchman (CRT) and the resolution was good enough that I could hide under the duvet and read teletext as used to be broadcast on BBC 2 in the early hours.

            I'm myopic, which means that I need a fairly high resolution screen (to avoid noticing the pixels) but it also means I can hold it fairly close for my own personal mini-cinema. The way I hold it, it is perceptually "larger" in my field of vision than a normal TV would be. And in focus too!

        2. heyrick Silver badge

          Re: obsolescence

          I think 8K is a gimmick that's there to be a tick box. On that size device anything over 1080p is unlikely to make any difference.

          As for banking, can you assure me that Android/iOS is safe?

        3. Alumoi Silver badge

          Re: obsolescence

          C'mon, Russia is the big bad wolf now.

      2. Crypto Monad Silver badge

        Re: obsolescence

        Samsung are now claiming they will provide 4 years support, so I bought an A52S (my first Samsung) as soon as it was released last October. If that gets me to Oct 2025 then I'm happy with that.

  5. beekir

    Android 12 is a dumpster fire

    Android 12 continues to be a dumpster fire. I have been on this platform since my iPhone 6 broke down, but now I am ready to switch back.


      Re: Android 12 is a dumpster fire

      You decided to join right as Android committers decided to lock down apps even more into an iOS-like walled garden without the interoperability or feature set of said walled garden, unless you're a Google user :)

      I once said it was dishonest to say Android was exclusively a Google product since Android is/was an open ecosystem, but damn me to the Google Gulag if they don't have a stranglehold on it now.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like