Android Patch Clears Vulnerabilities

Wednesday, December 6, 2017 @ 01:12 PM gHale


Google released the December’s Android security patch which fixes a boatload of vulnerabilities.

In this latest series of fixes, Google cleared 47 critical vulnerabilities for the media framework, system, framework, MediaTek components, Linux kernel, as well as NVIDIA and Qualcomm  components. The update also mitigated 48 vulnerabilities specific to supported Pixel and Nexus devices.

RELATED STORIES
Disable Location Services, Google Knows Location
Eavesdropper Vulnerability Rampant
Google Cracking Down on App Misuse
Google Releases Android Security Patch

The most severe vulnerability is a critical security hole in Media framework, which could allow a remote attacker to execute arbitrary code within the context of a privileged process using a malicious file.

“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” Google researchers wrote in a post.

There are no reports of active attacks against the vulnerability, researchers said.

Google is sending out fixes to all supported Pixel and Nexus devices worldwide running the Android 8.0 Oreo software update, including Pixel 2, Pixel 2 XL, Pixel, Pixel XL, Nexus 6P, Nexus 5X, as well as other devices that Google is still officially supporting.



Leave a Reply

You must be logged in to post a comment.