Android Security Bulletin October 2017: What you need to know


Image: Jack Wallen

The Android Security Bulletin has undergone one more change. This time around, Android has split off the Pixel and Nexus into their own listing. If you happen to own one of those devices, make sure to check out the Pixel/Nexus Security Bulletin. With that said, it seems the issues plaguing the standard Android Security Bulletin have calmed down quite a bit. Yes, you'll find the usual suspects of Critical, High, and Moderate vulnerabilities, just not nearly as many. This drop in vulnerabilities could be due to the separation of Android and Nexus/Pixel into their own bulletins. Regardless of why, let's take a look at the issues that currently haunt Android.

Check the security release on your Android device

Before we dive into what's included with this month's bulletin, it's always good to know what security release is installed on your device. To my surprise, my daily driver OnePlus 3 is still stuck with the August 1, 2017 security patch. To find out what patch level you are running, open Settings and go to About Phone. Scroll down until you see Android security patch level (Figure A).

Figure A

My OnePlus 3 with an out-of-date security patch.
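
The same check can be scripted when there is more than one device to look after. This added example (not from the original article) reads the patch level over adb and reports how many months it lags a bulletin month; the function names and the sample inventory are constructed for illustration, and adb is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original article. Names and sample data are constructed.

# Assumes adb is installed; this property backs "Android security patch level".
device_patch_level() {
    adb shell getprop ro.build.version.security_patch | tr -d '\r'
}

# Print how many months a patch level (YYYY-MM-DD) lags a bulletin month (YYYY-MM).
# Prints 0 when the device is at or ahead of the bulletin; returns 2 on bad input.
patch_lag_months() {
    level=$1; bulletin=$2
    case $level in
        [12][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]) ;;
        *) echo "invalid patch level: $level" >&2; return 2 ;;
    esac
    case $bulletin in
        [12][0-9][0-9][0-9]-[01][0-9]) ;;
        *) echo "invalid bulletin month: $bulletin" >&2; return 2 ;;
    esac
    ly=${level%%-*}; lm=${level#*-}; lm=${lm%%-*}
    by=${bulletin%%-*}; bm=${bulletin#*-}
    # Strip a leading zero so 08 and 09 are not read as octal in $(( )).
    lm=${lm#0}; bm=${bm#0}
    lag=$(( (by - ly) * 12 + (bm - lm) ))
    if [ "$lag" -lt 0 ]; then lag=0; fi
    echo "$lag"
}

# Read "name patch-level" lines on stdin and report each device against a bulletin.
report() {
    target=$1
    while read -r name level; do
        if ! lag=$(patch_lag_months "$level" "$target" 2>/dev/null); then
            echo "$name: unreadable patch level"
        elif [ "$lag" -eq 0 ]; then
            echo "$name: current for $target"
        else
            echo "$name: $lag month(s) behind $target"
        fi
    done
}

# Constructed inventory; the first line mirrors the device described above.
report 2017-10 <<'EOF'
oneplus-3 2017-08-01
lab-phone 2017-10-01
lab-tablet unknown
EOF
```

For a live device, pass the output of `device_patch_level` as the first argument to `patch_lag_months`.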

And now, what’s up with the October Security Bulletin?

Critical issues

There are only 5 critical issues listed in the October bulletin. These issues are as follows:

Media Framework

The Android Security Bulletin wouldn't be the same without the Media Framework being involved. There are three bugs marked Critical, each of which is of the Remote Code Execution (RCE) type. These are labeled as Critical, as they could enable a remote attacker, using a specially crafted malicious file, to execute arbitrary code within the context of a privileged process. Related bugs include:

Qualcomm Components

There are two vulnerabilities marked as Critical that affect Qualcomm components. These issues are also of the RCE variety and could enable an attacker, using a specially crafted malicious file, to execute arbitrary code within the context of a privileged process. Related bugs include:

Believe it or not, that's it for Critical vulnerabilities.

High issues

Framework

There is an Elevation of Privilege (EoP) vulnerability found in the Android framework that could enable a local malicious application to bypass user interaction requirements and gain access to additional privileges. The one related bug is:

A-62998805

Media Framework

The Media framework includes a single EoP issue, marked as High, which could enable a local malicious application to gain access to additional privileges. The related bug is:

A-62873231

System

Within the Android System, a single Remote Code Execution vulnerability has been marked High. This RCE issue could enable a proximate attacker to execute arbitrary code within the context of a privileged process. The related issue is:

A-64575136

Kernel components

There are two Elevation of Privilege issues found within the kernel. These two bugs are marked High, as they could enable a local malicious application to execute code within the context of a privileged process. The related bugs (both affecting the upstream kernel) are:

That's all for Critical and High issues within the context of the October Android Security bulletin. It's a slow month leading into a holiday season that will probably see a rise in Android device purchases. Here's hoping that elevation of consumerism doesn't equate to an elevation of vulnerabilities.

Upgrade and update

The developers will work diligently to patch the vulnerabilities, but it's up to the end users to ensure the fixes find their way to devices. Make sure you not only check for updates, but that you apply them as soon as they're available.
