Attackers were able to attack Android devices and, after successful attacks, export malicious code to smartphones and tablets, among other things. Now Google and other Android device manufacturers (see box to the right of this message) have released collected security updates for Android 8.0 to 11 published.
In a warning message Google classifies a "critical" gap (CVE-2020-0449) as particularly dangerous. According to the description, an attacker in the vicinity of a vulnerable device could execute their own code on devices by sending an unspecified crafted transmission. If this succeeds, devices are usually considered to be fully compromised.
Devices permanently unusable?
Other critical vulnerabilities include framework and Qualcomm components. After successful attacks, attackers could, for example, put devices into a permanent DoS state, according to Google. What this means in detail remains unclear. But it reads as if devices were rendered unusable as a result.
To prevent attacks, Android users should bring their devices up to date. If the Security Patch Level in the settings is 2020-11-01, this has already happened. The entry 2020-11-05 indicates that older patches are installed in addition to the current security updates.
Extra sausage for Pixel devices
Google’s Pixel series gets extra security updates this month. As you can read in a post, the vulnerabilities with the threat level are "moderate" classified. Among other things, they affect WLAN components from Qualcomm. What attackers can do after a successful attack is currently unclear.