On April 4, 2018, Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users, and updates that affect specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the general security updates in the Android Security Bulletin for security patch level 2018-04-01.
- 7 Remote Code Execution Vulnerabilities: These types of vulnerabilities allow attackers to execute arbitrary code on user devices. Two of them are found in the Android media framework and five are found in the system libraries. Six of them are considered critical severity while one is considered high severity.
- 7 Privilege Escalation Vulnerabilities: These types of vulnerabilities allow unprivileged processes, such as those from third-party apps, to escalate privileges to the system level, bypassing the sandbox restrictions. One is rated as critical impact, while the other six are rated as high impact. They are found in the media framework, the system libraries and the Android runtime libraries.
- 3 Denial of Service Vulnerabilities: These types of vulnerabilities disable users’ ability to use the phone or access certain services. All vulnerabilities are considered high impact and are found in the Android media framework and the system libraries.
- 2 Information Disclosure Vulnerabilities: These vulnerabilities allow malicious apps to access user data. They are rated as high impact and are found in the Android framework and the system libraries.
Appthority urges users to update their Android devices to the latest OS version, which includes these security updates. We also recommend that enterprise IT admins set strong policies against keeping outdated OS versions on their employees’ mobile devices.