May 2. (Portaltic/EP) –
Google has corrected a vulnerability in Android that allowed system applications to be downgraded to versions older than the one the device had installed out of the box, a practice that can cause problems and put security at risk.
The practice of downgrading an application on Android is possible with a series of developer tools, which allow you to install versions prior to the latest available update, but it is not possible for users of mobile devices.
However, a vulnerability identified as CVE-2023-21116, with moderate risk, allowed privilege escalation precisely to downgrade a system application to lower versions than what was installed out of the box.
The practice has its risks, as explained by the journalist specializing in Android Mishaal Rahmanas an old version of the app may have bugs and vulnerabilities that have been fixed with more recent updates.
The fix for the vulnerability is included in the May monthly update that Google has released this Monday for all devices. Pixel with Android 13and will reach the rest of Android devices through a patch for versions 11 to 13 of the Android Open Source Project.
