It’s the beginning of the month, and that means Google has published its monthly security bulletin for Android devices, detailing all the vulnerabilities it has addressed in this month’s update. Though it’s not a long list of vulnerabilities, almost everything on it is rated High or Critical. (If you want to know what the formal severity ratings like Critical, High and Moderate actually mean, take a look at Android’s Security Updates and Resources page.)
The Android bulletin has two patch levels, one for 1 October 2017 and another for 5 October 2017.
The first part of the bulletin notes that the most severe vulnerabilities are related to the Android Media Framework. The bulletin doesn’t detail the potential impact of each vulnerability it lists, though it says the most severe flaw in the Media Framework could allow arbitrary code execution within the “context of a privileged process.”
The Media Framework, loosely put, is what processes images and videos to display them on the screen, and this isn’t the first time it’s come up for patching – the July 2017 Android Bulletin also listed a number of Media Framework-related issues.
Some of the other vulnerabilities – again, details are a bit vaguely worded in the bulletin – would have allowed for privilege escalation, opening the door for malicious applications or the dreaded remote code execution. One of the Critical vulnerabilities, CVE-2017-0809, affects Android versions 4.4 all the way to 8.0.
It’s a similar story for the second part of the bulletin (5 October 2017), where everything’s either Critical or High. The few details in the bulletin also hint that these vulnerabilities could have allowed remote code execution if exploited.
New! Pixel and Nexus-specific security bulletins
Owners of the Google Pixel and Nexus devices should note that, as of October 2017, Google will publish a separate security bulletin for those devices, alongside the generic Android monthly update.
This first Pixel/Nexus bulletin contains a number of patch updates that, similar to the overall Android bulletin, largely fix issues within the Media Framework and hardware components. Unlike the overall Android bulletin though, the vast majority of these vulnerabilities are rated as Moderate.
The advice is, as always, for those who can: patch as soon as possible to benefit from these updates. If you’re a Google Pixel or Nexus user, you’re in luck, as you should expect to receive all of these security updates within the next two weeks, so be sure to install them right away.