Right on schedule, Google has published their new Android Security Bulletin during the first work week of the new month. Last month’s security patches for Android came with fixes for the Blueborne Bluetooth attack vector and this month comes with a slew of vulnerability patches as well. Just like we’ve seen in other months as well though, these patches are coming in two different phases with the October 1st patch level being partial and then another one coming with the October 5th patch level.
So for the October 1st 2017 patch level, we’re given patches that touch on the Framework, Media Framework and the System. Two high severity patches have been fixed for the Framework and the System (CVE-2017-0806 and CVE-2017-14496), and then we have six different patches ranging from moderate to critical pertains to the Media Framework (CVE-2017-0809, CVE-2017-0810, CVE-2017-0811, CVE-2017-0812, CVE-2017-0815, and CVE-2017-0816).
The October 5th 2017 patch level focuses on the hardware side of things and includes patches for the kernel, MediaTek and Qualcomm components. Two high severity patches included in this security update deal with the kernel and works with the filesystem as well as the network subsystem (CVE-2017-7374 and CVE-2017-9075). The patch for the MediaTek component is also classified as high severity and has to do with the SoC driver (CVE-2017-0827). Lastly, there are three patches for Qualcomm components that touch on the SoC driver (CVE-2017-11053), network subsystem (CVE-2017-9714), and the Linux boot (CVE-2017-9683).
Google has already published the factory images for this update on supported Nexus and Pixel devices. You can find the download links here and Google has also included flashing instructions available there for those who do not want to wait for the OTA update. Along with this month’s security update, Google has also announced a Security Bulletin specifically for Nexus and Pixel devices which you can find here.