Image: Jack Wallen

The Android Security Bulletin has undergone yet another change. This time around, Android has split off the Pixel and Nexus into their own listing. If you happen to own one of those devices, make sure to check out the Pixel/Nexus Security Bulletin. With that said, it seems the issues plaguing the standard Android Security Bulletin have calmed down quite a bit. Sure, you'll find the usual suspects of Critical, High, and Moderate vulnerabilities, just not nearly as many. This drop in vulnerabilities could be due to the separation of Android and Nexus/Pixel into their own bulletins. Regardless of why, let's take a look at the issues that currently haunt Android.

Check the security release on your Android device

Before we dive into what's included with this month's bulletin, it's always good to know what security release is installed on your device. To my surprise, my daily driver OnePlus 3 is still stuck with the August 1, 2017 security patch. To find out what patch level you are running, open Settings and go to About Phone. Scroll down until you see Android security patch level (Figure A).

Figure A

My OnePlus 3 with an out-of-date security patch.
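The same patch-level check can be done across several devices at once. The following is an added example, not part of the original article: it parses the `ro.build.version.security_patch` property from `adb shell getprop` output and reports how far each device lags a reference bulletin. The device names and captures are constructed, and using the first day of October 2017 as the reference date is an assumption.

```python
import re
from datetime import date

# `adb shell getprop` prints one "[key]: [value]" pair per line; the patch level
# shown in Settings is the ro.build.version.security_patch property.
PATCH_RE = re.compile(
    r"^\[ro\.build\.version\.security_patch\]: \[(\d{4})-(\d{2})-(\d{2})\]$")

def parse_patch_level(getprop_output):
    """Return the patch level as a date, or None if missing or malformed."""
    for line in getprop_output.splitlines():
        m = PATCH_RE.match(line.strip())
        if m:
            try:
                return date(*map(int, m.groups()))
            except ValueError:      # e.g. month 13: treat as unknown
                return None
    return None

def audit(devices, bulletin):
    """Map each device name to 'current', 'unknown' or 'N month(s) behind'."""
    report = {}
    for name, output in devices.items():
        patch = parse_patch_level(output)
        if patch is None:
            report[name] = "unknown"
        elif patch >= bulletin:
            report[name] = "current"
        else:
            gap = (bulletin.year - patch.year) * 12 + bulletin.month - patch.month
            report[name] = f"{gap} month(s) behind"
    return report

# Assumption: the October bulletin is represented by the first day of that month.
BULLETIN = date(2017, 10, 1)

# Constructed getprop captures; device names are hypothetical.
SAMPLE = {
    "daily-driver": "[ro.build.version.release]: [7.1.1]\n"
                    "[ro.build.version.security_patch]: [2017-08-01]\n",
    "patched":      "[ro.build.version.security_patch]: [2017-10-05]\n",
    "no-property":  "[ro.build.version.release]: [5.0]\n",
    "malformed":    "[ro.build.version.security_patch]: [2017-13-01]\n",
}

if __name__ == "__main__":
    for device, status in audit(SAMPLE, BULLETIN).items():
        print(f"{device:14} {status}")
```

Devices that report "unknown" deserve a manual look: very old Android releases do not expose the property at all, which usually means they no longer receive patches.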

And now, what's up with the October Security Bulletin?

Critical issues

There are only 5 critical issues listed in the October bulletin. These issues are as follows:

Media Framework

The Android Security Bulletin wouldn't be the same without the Media Framework being involved. There are three bugs marked Critical, each of which is of the Remote Code Execution (RCE) type. These are labeled as Critical, as they could enable a remote attacker, using a specially crafted malicious file, to execute arbitrary code within the context of a privileged process. Related bugs include:

Qualcomm Components

There are two vulnerabilities marked as Critical that affect Qualcomm components. These issues are also of the RCE variety and could enable an attacker, using a specially crafted malicious file, to execute arbitrary code within the context of a privileged process. Related bugs include:

Believe it or not, that's it for Critical vulnerabilities.

High issues

Framework

There is an Elevation of Privilege (EoP) vulnerability found in the Android framework that could enable a local malicious application to bypass user interaction requirements and gain access to additional privileges. The only related bug is:

A-62998805

Media Framework

The Media framework includes a single EoP issue, marked as High, which could enable a local malicious application to gain access to additional privileges. The related bug is:

A-62873231

System

Within the Android System, a single Remote Code Execution vulnerability has been marked High. This RCE issue could enable a proximate attacker to execute arbitrary code within the context of a privileged process. The related issue is:

A-64575136

Kernel components

There are two Elevation of Privilege issues found within the kernel. These two bugs are marked High, as they could enable a local malicious application to execute code within the context of a privileged process. The related bugs (both affecting the upstream kernel) are:

That's all for Critical and High issues within the context of the October Android Security Bulletin. It's a slow month leading into a holiday season that will probably see a rise in Android device purchases. Here's hoping that elevation of consumerism doesn't equate to an elevation of vulnerabilities.

Upgrade and update

The developers will work diligently to patch the vulnerabilities, but it's up to the end users to ensure the fixes find their way to devices. Make sure you not only check for updates, but that you apply them as soon as they're available.
