The newest Android Security Bulletin was just released for October 2017. In the newest Android Security Bulletin, there are five critical vulnerabilities that have been fixed. There were also nine other vulnerabilities fixed, including those in the high severity category. We have the latest news about the 14 different vulnerabilities that have been patched in the October 2017 Android Security Bulletin. If you have an Android device, continue reading to learn more about the fixes.
Android Security Bulletin Release Patches Critical Vulnerabilities
The good news is that the October 2017 Android Security Bulletin has been released. Out of the 14 different vulnerabilities that were fixed, there were five that were critical. This month we are not seeing a huge list of vulnerabilities being patched like in previous updates.
That is because Google is going to be doing the Android Security Bulletin updates differently than before. There will be a monthly separate update for both the Nexus and Pixel devices. Instead of Google just pushing out a huge security update every month, there will be two different ones. One security update will be for Pixel and Nexus devices, while the other is for all other Android devices.
This is a change that has just started this month with the Android Security Bulletin. There will be both a partial patch and completed patch, so it is still two patch levels like always. It is because of the change on how the updates are now working that we are seeing only 14 vulnerabilities being fixed. Out of those 14 vulnerabilities, three critical ones are part of remote execution bugs. These bugs are in the media framework on Android. There are two other critical vulnerabilities, which are part of the Qualcomm component.
More Vulnerabilities Fixed in Android Security Bulletin
Beyond the critical vulnerabilities, there were also several other vulnerabilities fixed in the Android Security Bulletin for October 2017. There was a fix for what is called the DNSmasq software. A severe vulnerability that was fixed was CVE-2017-0806. This was an escalation of privilege vulnerability that was impacting mostly Android Marshmallow through Android Oreo.
In this vulnerability, a hacker could enable an application that was malicious. This could be done by bypassing the usual requirements needed to get to the more sensitive permissions. Once someone had bypassed the higher up permissions, more lengthy and secret attacks could take place.
Two other vulnerabilities that were fixed related to the kernel components. These vulnerabilities could actually execute arbitrary codes in those more privileged processes. One of the escalation of privilege vulnerabilities was in the filesystem for Android.
Android Security Update Includes Hardware Fixes
There also were some hardware fixes in this update too. Both MediaTek and Qualcomm hardware were fixed in this update, with the drivers getting the patches. Two Qualcomm issues were critical whereas the MediaTek vulnerability was rated as high severity. These are two of the most common issues with Android, and vulnerabilities from both of these have been fixed numerous times over the past several months.
When it comes to the Pixel and Nexus update, there are 38 vulnerabilities that are going to be addressed in that update. You can head on over to your Android device right now and download both patch levels. The partial string and the complete string should be there waiting on you. It is always a good idea to update to the newest Android Security Bulletin once it has been released. This will help keep your Android device secure by quickly patching the vulnerabilities.