Android Security Bulletin Is Out For the Month of September
Another month, another security bulletin for the Android platform. Right after releasing the latest security patches for the month of September, Google has released the corresponding security bulletin on the Android Open Source Project website. The bulletin documents all the changes included in both the September 1st, 2017 and the September 5th, 2017 security patch levels. This also marks the first security update for Android 8.0 Oreo, but as usual, it encompasses many different Android versions, with the actual bulletin showing patched vulnerabilities all the way down to Android 4.4 KitKat. The most severe of all issues patched included a critical vulnerability in the media framework. The newest security update patches 81 CVEs and vulnerabilities.
Arguably, this security patch could potentially be one of the most important in a while. Thirteen of these are critical vulnerabilities coming from the Media framework, Wi-Fi driver (Broadcom components), networking subsystem (Kernel components), and LibOmxVenc (Qualcomm components). Most, if not all, of these vulnerabilities, allowed remote attacks which executed arbitrary code within the context of a privileged process. We also have around 43 high-severity vulnerabilities coming from all sectors except for the Android system itself. And the 25 remaining vulnerabilities are of moderate severity. Luckily though, it appears that none of these vulnerabilities were actually exploited or abused by customers.
The latest September security patch, which carries a security patch level of September 5th, 2017, is expected to roll out to the Google Pixel, Google Pixel XL, Nexus 5X, Nexus 6P, Nexus 6, Nexus 9, Nexus Player and Pixel C during the following days, in both Nougat and Oreo flavors. Factory images are also expected to go up soon, for those who prefer to go that way. It will also be uploaded to AOSP as a new tag. If you want to learn more about this security update before it actually reaches your device, you can check out the Android Open Source Project website and read up yourself on what does this update bring to the table.