The tech giant addressed 38 Android security vulnerabilities, 20 as part of the 2018-01-01 security patch level and 18 in the 2018-01-05 security patch level.
The 2018-01-01 security patch level fixed four Critical remote code execution issue and 16 High risk elevation of privilege and denial of service flaws.
The most severe vulnerability in Android runtime, tracked as CVE-2017-13176, could be exploited by a remote attacker to bypass user interaction requirements in order to gain access to additional permissions.
A Critical remote code execution flaw was fixed in System, the company also addressed one High risk denial of service vulnerability and two High severity elevation of privilege vulnerabilities.
The security updates fixed 15 vulnerabilities issues in Media framework, the most severe one could be exploited by an attacker using a specially crafted malicious file to execute arbitrary code within the context of a privileged process.
The 2018-01-05 security patch level addressed just one Critical flaw in the Qualcomm components, it could allow a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
The 2018-01-05 security patch level also fixed 1 Critical issue and 6 High severity vulnerabilities in Qualcomm closed-source components.
The patch level addressed High risk elevation of privilege flaws in LG components, MediaTek components, Media framework, and NVIDIA components.
The security patch level addressed one information disclosure bug in Kernel components, and three High severity elevation of privilege.
The tech giant also fixed resolved 46 vulnerabilities in Google devices as part of the Pixel / Nexus Security Bulletin—January 2018.
High severity flaws only affected older Android versions, meanwhile, most of the issues were rated Moderate severity.
The affected components included Framework (1 vulnerability), Media framework (16 vulnerabilities), System (1 flaw), Broadcom components (1 issue), HTC components (1 flaw), Kernel components (7 bugs), MediaTek components (1 issue), and Qualcomm components (18 vulnerabilities).
(Security Affairs – Google, Android Security Bulletin)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.