Right on schedule, Google has released the Android Security Bulletin for the month of November with updated security patches for newly discovered vulnerabilities. The security update for this month includes fixes for a wide range of vulnerabilities, the severity of which range from critical to low levels.
This time around, Google has provided three security patch level strings to make it easier for OEMs to quickly patch subset of security issues that are common across the Android platform. Security patch level 2017-11-01 (partial) ensures that all vulnerabilities up to the 2017-11-01 have been addressed, while the security patch level 2017-11-05 and 2017-11-06 indicate that all issues up to those dates have been patched.
Google notes that the most severe of the all discovered vulnerabilities is a critical vulnerability in Media Framework which could allow an attacker to remotely execute malicious code on a target device through multiple mediums. The new security update also addresses vulnerabilities present in network subsystem (kernel components), CCCI driver (MediaTek component), GPU driver (Nvidia components), as well as WiFi driver, QBT1000 driver, and Linux boot (Qualcomm component). Patches for the recently discovered KRACK vulnerability are also included in the update, but you'll need to be on the patch level 2017-11-06.
Alongside the usual Android Security Bulletin, Google has also released a separate bulletin for the Pixel/Nexus devices detailing the additional security vulnerabilities and functional improvements on the Pixel and Nexus devices.
Luckily, Google has had no reports of active customer exploitation of these newly discovered vulnerabilities.
As always, the OTAs will be rolled out to the Pixel devices and supported Nexus devices in the coming weeks. Meanwhile, the factory images and full OTAs are also available from the Android Developers site if you want to flash them manually.
Source: Android Security Bulletin
from xda-developers http://ift.tt/2j69A7N
via IFTTT
No comments:
Post a Comment