Search engine giant Google has released this month’s security patch update for its Android OS. The latest Security update fixes as many as 81 bugs and includes two security patch level strings. One of the package is flagged as 2017-09-01 while the other is labelled as 2017-09-05. The first security patch level fixes around 30 bugs, out of which nearly 10 were flagged as critical while another 15 were deemed as high risk.
Google said that almost all versions of Android were at risk including the newly released Android Oreo or Android 8.0. The company further notes that such critical vulnerabilities could allow hackers to execute an arbitrary code using crafted files on devices that have not been updated to the latest security patch. Google confirms that hackers can exploit the remote code vulnerability in all versions of Android starting with Android 4.4 Kitkat to the latest Android 8.0 Oreo.
While the 2017-09-05 security patch level addresses issues that affect Broadcom components and harmful Wi-Fi driver signatures.
“The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google says.
The September 2017 security patch also includes kernel updates, along with fixes for devices using MediaTek processors. even devices running Qualcomm chipsets are getting their own set of fixes. Google explains that Wi-Fi, GPU, and audio drivers on these devices might be vulnerable to RCE, EoP, and ID attacks.
Google also confirmed that all its Nexus and Pixel devices are getting updated to the latest 2017-09-05 security patch level. Though as is usually the case with security patch updates, it’ll take some time for the update to show up on your device. Also, it depends on the manufacturer but it usually Google’s supported Nexus and Pixel devices that get the first dibs on OS and security patch updates.
Users are advised to update to the latest September 2017 Android security patch given the fact that it fixes a number of critical vulnerabilities.