14 DAY TRIAL // Google has released this month’s security updates for its Android mobile OS, fixing a total of 81 vulnerabilities in the platform with two different packages.
The company’s September 2017 patch rollout includes two security patch level strings, one of which is labeled as 2017-09-01 and the other one flagged as 2017-09-05. The second includes the fixes that are part of the first, but Google says that this way Android partners can quickly fix a subset of vulnerabilities on their devices.
Specifically, the 2017-09-01 security patch level addresses 30 vulnerabilities, out of which no less than 10 are marked as critical and another 15 with a high security risk. Google says that the majority of Android versions are affected, including the newly-released Oreo.
Google points out the most severe vulnerabilities could allow attackers to execute arbitrary code on an unpatched device using crafted files. These remote code execution flaws exist in all Android versions from 4.4.4 to 8.0, Google confirms.
Broadcom and Qualcomm patches
On the other hand, it’s important to know that the 2017-09-05 security patch level addresses issues affecting Broadcom components with malicious Wi-Fi driver signatures.
“The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google says.
There are also kernel updates, as well as MediaTek patches for devices using such technology. Qualcomm models are getting their own share of patches, with the search giant explaining that Wi-Fi, GPU, and audio drivers on these devices are exposed to RCE, EoP, and ID attacks.
According to Google’s patching rollout notes, all its Nexus and Pixel devices are being updated with the 2017-09-05 security patch level, but as it’s the case with every security rollout, depending on the manufacturer of your device, it could take longer until the patches are being shipped.
It goes without saying that users should install the updates as soon as possible, especially because so many vulnerabilities are said to be resolved.