Google Tackles KRACK With December’s Android Bulletin
Patch update for Android, but good news is that there are no reports of any flaws being exploited in the wild
Google has patched 45 vulnerabilities in its latest security bulletin for Android devices and as usual, Google has delivered two patch levels associated with the latest update, designed to help OEMs select the most appropriate patches for them.
And the good news is that it seems that none of these vulnerabilities are currently being exploited in the wild.
Android Patches
First off is the patch dated 2017-12-01, which contains fixes for 19 vulnerabilities. The second patch, dated 2017-12-05, contains fixes for 28 flaws.
The patches are for Android vulnerabilities that range from high to critical. Of the ten critical patches, five concern the media framework, one is system-level, four are to do with Qualcomm components.
The most severe vulnerability in the 2017-12-01 concerns media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
December’s security updates also address the KRACK vulnerability that could allow attackers to access data from affected devices.
That flaw was discovered by a Belgian academic researcher in October.
He found the problem was with the protocol that secures most Wi-Fi transmissions that could allow attackers to listen in on users’ communications.
Monthly Updates
Google began rolling out monthly updates to fix Android flaws back in August 2015, as part of its efforts to improve Android’s patchy security reputation.
Meanwhile Google has also this week also begun rolling out Android Oreo 8.1 to the general public.
One of the most notable enhancements to the new OS is the inclusion of a Neural Networks API to bolster machine intelligence on mobile handsets.
Google had released Android 8.0 (Oreo) back in August, and that new mobile OS placed an emphasis on speed, security and multitasking.