Android December Patches Release

Monday, December 12, 2016 @ 04:12 PM gHale

Google released patches earlier this month addressing 74 vulnerabilities in the Android operating system, including 11 rated as critical.

Google’s December security patching cycle included two different releases, each of which came with fixes aimed at Google and other Android devices.

Android Malware Hits Google Accounts
AirDroid Hole Affects Android Users
Android Attacks Set to Rise: Report
Steal a Tesla Using an Android App

The 2016-12-01 security patch level includes 5 fixes aimed at vulnerabilities flagged as “high” severity and 6 others for moderate issues. There are two different remote code execution flaws patches with CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, and CVE-2016-6768, two denial of service vulnerabilities, four elevation of privilege vulnerabilities, and two information disclosure holes.

Android 7.0 or later is not affected by these vulnerabilities if they are already running the latest updates. The rest of the Android versions on the market, starting with 4.4 and ending with 6.0.1, are all a target of these updates.

After the first patch, there was a second called the 2016-12-05 security patch.

This patch included 58 fixes, 11 of which rated as critical, 33 as high, and 14 as medium severity risk.

Most of the vulnerabilities fixed with this update would allow for elevation of privilege and Google said its own devices and other Android phones and tablets on the market ended up exposed. Once again, all versions of Android starting with 4.4.4 should install the patches as soon as possible.

Two important patches are CVE-2016-4794 and CVE-2016-5195 which fix the Dirty COW security bug discovered on Linux and also affecting Android, allowing attackers to root devices and get full root access to local data. Google rates the bug as critical and fixes the patch on all its devices, starting with Pixel C, Pixel, Pixel XL, Nexus 5X, and Nexus 6P.

Android devices getting the update receive just a single OTA patch which then displays the December 05, 2016 security patch level on the About information screen.

Leave a Reply

You must be logged in to post a comment.