Android Security Bulletin: Everything you need to know!

Fixing the newest bugs and exploits in Android each month.

Google has detailed the latest Android Security Bulletin and released the fixes for Nexus and Pixel devices.

These are exploits and other security concerns that affect Android as a whole. Issues with the operating system, kernel patches, and driver updates may not affect any particular device, but these need to be fixed in the Android base by the folks maintaining the operating system code. That means Google, and they’ve detailed the things they’ve improved for this month.

Updated factory images for Pixel and Nexus devices that are supported are available, and over-the-air updates are rolling out to users. If you don’t want to wait, you can download and flash the factory image or OTA update file manually, and here are some handy instructions to get you started.

How to manually update your Nexus or Pixel

The company that made your phone uses these patches to send an update out to you.

These changes have been released to the people making Android phones for at least 30 days, but Google can’t force anyone to deliver them to you. If you’re using a phone from Samsung, LG, or anyone besides Google, you’ll need to wait for them to send an update and shouldn’t try to flash any of the above files.

Of course, Google has safety checks in place to prevent any problems on your phone because of any security exploits. Verify Apps and SafetyNet are at work anytime you add an app to your phone, and seamless updates to Google Play Services will keep them up to date regardless of any hold up from a manufacturer or carrier. Details and incident numbers can be found in the yearly Android Security Review (.pdf file).

Highlights for December 2017

December 2017’s update comes with two patch dates: 12/01/2017, and 12/05/2017.

  • If your device didn’t get updated to the November 6 patch last month, December’s update also comes with a fix for the KRACK WPA2 Wi-Fi vulnerability.
  • A vulnerability in Android’s framework that allowed malicious apps to get past user interaction requirements to access higher permissions has been squashed.
  • The media framework has also been updated to patch a threat that allowed a remote attacker to send arbitrary code to your device.
  • Components for numerous MediaTek, NVIDIA, and Qualcomm parts have been updated with security fixes.

If you get an update with a patch date of 12/05/2017, you also have every issue addressed by the 12/01/2017 update in place.
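Because a later patch date includes everything in the earlier ones, checking a device comes down to a date comparison against the level it reports (shown in Settings, or via `adb shell getprop ro.build.version.security_patch`, in YYYY-MM-DD form). The sketch below is an added example, not code from Google or the bulletin; the device names and inventory values are constructed, and the KRACK threshold is the November 6 date given on this page.

```python
from __future__ import annotations
from datetime import date, datetime

# Patch dates as printed in the November and December 2017 highlights (MM/DD/YYYY).
BULLETIN_LEVELS = ["11/01/2017", "11/05/2017", "11/06/2017", "12/01/2017", "12/05/2017"]
KRACK_FIXED_IN = "11/06/2017"  # per this page: the November 6 patch carries the KRACK fix

def parse_bulletin_date(text: str) -> date:
    """Parse a bulletin patch date written MM/DD/YYYY, as on this page."""
    return datetime.strptime(text, "%m/%d/%Y").date()

def parse_device_level(text: str) -> date | None:
    """Parse a device-reported level (YYYY-MM-DD); None if missing or malformed."""
    try:
        return datetime.strptime(text.strip(), "%Y-%m-%d").date()
    except (ValueError, AttributeError):
        return None

def covered_levels(device_level: str) -> list[str]:
    """Bulletin patch dates whose fixes a device at this level already has."""
    device = parse_device_level(device_level)
    if device is None:
        return []
    return [b for b in BULLETIN_LEVELS if parse_bulletin_date(b) <= device]

def audit(inventory: dict[str, str], required: str) -> dict[str, str]:
    """Classify each device as ok / behind / unknown against a required patch date."""
    need = parse_bulletin_date(required)
    report = {}
    for name, level in inventory.items():
        device = parse_device_level(level)
        if device is None:
            report[name] = "unknown"  # never count an unreadable level as patched
        else:
            report[name] = "ok" if device >= need else "behind"
    return report

# Constructed sample inventory (hypothetical device names and reported levels).
SAMPLE = {
    "pixel-2": "2017-12-05", "nexus-5x": "2017-12-01",
    "oem-phone-a": "2017-11-01", "oem-phone-b": "2017-10-05", "oem-phone-c": "",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE, KRACK_FIXED_IN).items():
        print(f"{name}: {status}, covers {covered_levels(SAMPLE[name])}")
```

Devices from other manufacturers that report an older level stay "behind" until that manufacturer ships its own update, which is the gap the article describes.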

Previous bulletin highlights

Here are summaries and highlights of recent patches from the monthly Android Security Bulletin. As with the current bulletin, these issues were also mitigated by Google’s Verify Apps, Safety Net, and seamless updates to Google Play Services.

Highlights for November 2017

November 2017’s update comes with three patch dates: 11/01/2017, 11/05/2017 and 11/06/2017.

  • This month’s patch updates the network stack to patch the KRACK Wi-Fi exploit.
  • The Android framework has once again been patched to prevent an exploit that bypasses user interaction requirements in order to gain access to additional permissions.
  • The media framework and the Android system itself were again patched to combat the ever-present attacks through media containers. This has been a monthly thing for over a year and will certainly continue.
  • Critical updates have been applied as far back as Android 5.02 for OEMs to use to patch their existing devices if they want.
  • Broadcom, MediaTek, NVIDIA, and Qualcomm have each patched a number of drivers that could potentially allow remote attackers to execute code.

If you get an update with a patch date of 10/05/2017, you also have every issue addressed by the 10/01/2017 update in place. Devices that receive a patch with the 11/06/2017 date have all of the November fixes in place as well as all previous patches. This is something new and we’re hopeful that it continues.

Highlights for October 2017

October 2017’s update comes with two patch dates: 10/01/2017 and 10/05/2017.

  • This month’s patch updates several critical components to prevent privileged code execution, both local and remote.
  • The Android framework has been patched to prevent an exploit that bypasses user interaction requirements in order to gain access to additional permissions.
  • The media framework and the Android system itself have been patched to prevent the execution of arbitrary code within the context of a privileged process.
  • Critical updates have been applied as far back as Android 4.4.
  • Broadcom, MediaTek, and Qualcomm have each patched a number of drivers that could potentially allow remote attackers to execute code.

If you get an update with a patch date of 10/05/2017, you also have every issue addressed by the 10/01/2017 update in place.

Highlights for September 2017

September 2017’s update comes with two patch dates: 09/01/2017 and 09/05/2017.

  • The main issue this month revolves, once again, around a vulnerability in the media framework that, when paired with exploitative code, could remotely execute malware on a user’s device.
  • Some of these patches go back to Android 4.4 KitKat.
  • A runtime bug has been patched that would allow a remote user to execute code that could cause an app to hang.
  • Broadcom has once again issued a number of patches for its Wi-Fi drivers.
  • MediaTek and Qualcomm have each patched a number of drivers that could potentially allow remote attackers to execute code.

If you get an update with a patch date of 09/05/2017, you also have every issue addressed by the 09/01/2017 update in place.

Highlights for August 2017

August 2017’s update comes with two patch dates: 08/01/2017 and 08/05/2017.

  • A moderate issue in the Android runtime that could enable privileged code execution has been patched.
  • Again we see numerous issues that could allow remote code execution through the media libraries patched, with some changes going back to Android 4.4.
  • Qualcomm has patched numerous escalation of privilege issues in the Snapdragon platform. These include moderate vulnerability patches for video, the GPU, and USB input/output. Since these include closed source changes, new versions are available from Qualcomm for your device manufacturer to implement as needed.
  • MediaTek and Broadcom have also supplied patched device drivers for a range of issues rated from low to moderate. Any of these binaries that are applicable to Nexus or Pixel devices are available at the Google Developer website.

If you get an update with a patch date of 08/05/2017, you also have every issue addressed by the 08/01/2017 update in place.

July 2017

July 2017’s update comes with two patch dates: 07/01/2017 and 07/05/2017.

  • An issue in the Android runtime that could enable remote code execution has been patched.
  • Over 20 issues that could allow remote code execution through the media libraries have been patched, with some changes going back to Android 4.4.
  • Qualcomm has patched numerous escalation of privilege issues in the Snapdragon platform. These include both closed source and open source changes. The closed source changes are available from Qualcomm for your device manufacturer to implement as needed.
  • NVIDIA, MediaTek, HTC, and Broadcom have also supplied patched device drivers for a range of issues rated from low to moderate. Any of these binaries that are applicable to Nexus or Pixel devices are available at the Google Developer website.

If you get an update with a patch date of 07/05/2017, you also have every issue addressed by the 07/01/2017 update in place.

June 2017

June 2017’s update comes with two patch dates: 06/01/2017 and 06/05/2017.

  • Google Pixel devices for the Canadian carrier Rogers will get a hotfix for VoLTE issues in addition to security updates.
  • Qualcomm has patched a slew of device drivers for the Snapdragon platform. Most were of moderate severity but a Bluetooth-specific update is a critical patch.
  • NVIDIA, MediaTek, and Synaptics have also supplied patched device drivers for a range of issues rated from low to moderate. Any of these binaries that are applicable to Nexus or Pixel devices are available at the Google Developer website.
  • Exploits that allow remote code execution while viewing media in an email, SMS or the browser continue to be addressed as new ones come up. This is a never-ending battle and a reason why monthly patches are important.

If you get an update with a patch date of 06/05/2017, you also have every issue addressed by the 06/01/2017 update in place.

May 2017

May 2017’s update comes with two patch dates: 05/01/2017 and 05/05/2017.

  • Qualcomm has patched an exploit that potentially could allow unauthorized bootloader access for devices using Snapdragon 800 series processors. Motorola has issued a separate update to address the Nexus 6.
  • A specific vulnerability in GIFLIB that can cause memory corruption when a bad file is received has been isolated and patched. This patch applies to Android 4.4 or higher and has been merged into AOSP.
  • Qualcomm, NVIDIA and MediaTek continue to address exploits that affect their “drivers” and have again refined the code for May 2017. Any of these binaries that are applicable to Nexus or Pixel devices are available at the Google Developer website.
  • Several moderate exploits in the Bluetooth stack that could allow a user to receive a file without explicit permission have been addressed. Patches have been merged into AOSP back to Android 4.4.

If you get an update with a patch date of 05/05/2017, you also have every issue addressed by the 05/01/2017 update in place.

Archives of all previous Android Security Bulletins are available at the Android Security website.

See the Android Security website for details on all bulletins

Updated November 2017: Added information for the latest patch from Google.
