photo: Stephen Shankland/CNET
Google has published its October Android protection bulletin and is rolling out the OTA update to Nexus and Pixel contraptions.
it be additionally introduced a brand new means of dealing with its protection bulletins. As standard it’s publishing a month-to-month Android security bulletin with details a few partial patch degree and complete patch degree, nevertheless it’s now delivered a brand new ‘Pixel/Nexus bulletin’ that documents extra bugs mounted in these instruments.
as a result of this alternate, the October update is light compared with outdated updates, detailing fixes for just eight vulnerabilities affecting the Android working gadget and six for different accessories involving the kernel, and drivers for MediaTek and Qualcomm hardware.
by using assessment, the partial September patch stage for Android mounted 34 security flaws, with dozens extra documented fixes in hardware drivers, the kernel and other accessories for the complete patch stage.
The eight Android vulnerabilities are addressed within the patch level dated 2017-10-01 whereas last six are fixed within the finished patch level dated 2017-10-05.
Google’s new Pixel/Nexus security bulletin incorporates particulars about further vulnerabilities in both Android and different add-ons in addition to “functional improvements” which are best addressed these instruments.
Google lists an extra 38 safety vulnerabilities in the Pixel/Nexus bulletin for the 2017-10-05 patch level, which have an effect on Android, and components from Broadcom, HTC, Huawei, Motorola, and Qualcomm. there were no purposeful advancements in this replace.
Android gadget makers have the alternative to tackle concerns listed in the Pixel/Nexus bulletin, however don’t need to fix them to state their instruments are up up to now with the latest patch stage.
“safety vulnerabilities that are documented in [the Android] safety bulletin are required to declare the newest safety patch level on Android devices. further protection vulnerabilities that are documented in equipment / companion protection bulletins don’t seem to be required for declaring a protection patch stage,” Google explains in a Q&a bit in regards to the new bulletin.
possibly this circulation is to aid Android devices makers repair essentially the most essential bugs extra quickly. above all, not one of the bugs within the Pixel/Nexus bulletin is rated as “essential”.
Google counts the Pixel/Nexus bulletin as a ‘device/companion’ bulletin like the month-to-month security bulletins from Samsung and LG.
Samsung has already posted its October bulletin, detailing Google patches from the Android security bulletin, and 6 additional flags affecting Samsung contraptions. The enterprise in September launched its cell bug bounty, offering researchers between $ 200 and $ 200,000 for reporting bugs affecting opt for Galaxy handsets and pills.
The 2017-10-01 patch stage also has a fix for the masqdns area identify equipment (DNS) software that affected a number of Google’s own features and the Google-created Kubernetes containerization automation utility.
previous and related insurance
Google exposes seven extreme flaws in Dnsmasq
The DNS application equipment is frequently present in Linux distributions, routers, and IoT instruments.
Android Oreo: Google adds in more Linux kernel protection facets
Google has hardened Android’s Linux-based kernel.