Google has released patches for two critical vulnerabilities in its February 2022 Android security updates.

The first flaw (CVE-2021-39675) is a remote escalation of the privilege bug with a critical severity rating. The bug only affects Android 12.

The second flaw (CVE-2021-30317, affects a closed-source component of Qualcomm. The flaw only affects Android devices that use Qualcomm’s hardware.

Google explained that the vulnerabilities are mainly exploited by sophisticated spyware vendors who independently detect and privately use zero-days in mobile operating systems.

The summary of vulnerabilities fixed in February includes five high severity vulnerabilities in the framework, four high severity bugs in Media Framework, seven high severity to critical flaws in System, two vulnerabilities of undefined severity in Media Provider, and one high severity flaw in the Amlogic components.

Others include five high-severity bugs in MediaTek components, three high-severity flaws in Unisoc components, and six high to critical vulnerabilities in Qualcomm components.