On October 2, 2017, Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users, and updates that affect specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the general security updates in the Android Security Bulletin for security patch level 2017-10-01.
- 4 Remote Code Execution Vulnerabilities: These types of vulnerabilities allow attackers to execute arbitrary code on user devices. Three of the discovered vulnerabilities are considered critical and one is considered high severity. The vulnerabilities are found in the Android media framework and system libraries (such as libnl and libskia).
- 2 Privilege Escalation Vulnerabilities: These vulnerabilities allow unprivileged processes, such as those from third-party apps, to escalate privileges to the system level, bypassing the sandbox restrictions. Both vulnerabilities are rated as high impact. One is found in the Android framework and the other is found in the Android media framework.
- 2 Information Disclosure Vulnerabilities: These vulnerabilities allow malicious apps to access user data. Both are rated as moderate impact and are found in the Android media framework.
Appthority urges users to update their Android devices to the latest OS version, which includes these security updates. We also recommend that enterprise IT admins set strong policies against keeping outdated OS versions on their employees’ mobile devices.