In the Android Security Bulletin for June 2018, there are 57 different vulnerabilities that are getting patched. Both strings of the Security Bulletin have now been released, with 11 critical vulnerabilities that are being patched.
Google releases these updates once a month, and often times the focus is on the biggest vulnerabilities to hit the Android platform. We have all of the latest details about the newest Android Security Bulletin, which is June 2018, so keep reading to learn more about it.
Android June 2018 Security Bulletin Out Now
Out of the 57 vulnerabilities that are being patched in this update, 11 are known as critical vulnerabilities. There are 46 high-rated vulnerabilities, which is definitely a lot more than normal. Most of the time you have a handful of high-rated vulnerabilities, with the rest being low-grade. This time though, it appears the critical and high vulnerabilities are what Google is focusing on for the Android Security Bulletin. Remote execution bugs seem to be the biggest and most severe of the vulnerabilities.
This includes CVE-2017-13230 as well as CVE-2018-9341. There is also CVE-2018-5146 listed as a severe remote code execution vulnerability. These vulnerabilities happen to be with the Android media framework. What that means is that a remote attacker you use a special file in order to execute these arbitrary codes within the framework. The process would be privileged, which means an added element of danger is present. We have more details about the specific remote code execution bugs and wanted to tell you more about those bugs.
June 2018 Security Bulletin Fixes Critical Remote Code Execution Vulnerabilities
There are some details we wanted to tell you about when it comes to these critical remote execution vulnerabilities. The first vulnerability is CVE-2018-5146 and this particular one has to deal with the audio codec which is used in the media framework. There is a memory flaw that is out-of-bounds, which has to deal with the framework processing the Vorbis audio information. Back in March, this flaw was made public during the Pwn2Own hacking contest. Thunderbird and Firefox were also impacted by this particular security vulnerability.
When it comes to CVE-2018-9341, no details were given about this vulnerability. We do have some details on CVE-2017-13230 though, including that this was a write flaw that was also out-of-bounds. This vulnerability impacted the video compression High Efficiency Video Coding. As with the other vulnerability, this also was part of the media framework on Android.
It was patched first back in February 2018, and now it is getting another patch. Back then, it was a medium severity issue, but now it has become critical. Separately, there was also a patch put out for the MediaTek chipset in this update. Qualcomm had four critical flaws that were patched in this update as well. You will find that all of these patches are going for the most severe bugs. That means the more annoying bugs and issues are not getting patched in this update if they are low grade.
How You Can Get the June 2018 Android Security Bulletin
As far as how you can get this new security update on Android, there are over-the-air updates that should be rolling out now. Nexus and Pixel devices will get the updates first over-the-air, and then it will come to more devices within the week. LG and Samsung will also be getting the updates in the first roll out.
The other Android devices will be getting them a week or two down the road. You can also head to the website in order to flash the updates to your Android device yourself. If you do the update manually, ensure the file you have selected is compatible with your Android device.
Once you have downloaded the new June 2018 Security Bulletin, we want to hear what you think about it. Do you think that focusing on critical and high-rated vulnerabilities is the best way to go for this update? What do you think Google can do differently in order to get these updates out quicker to the compatible Android devices? Are you someone that updates every single month or only when there are significant issues that are being patched?