The Complete Magazine on Open Source

Android’s September 2017 update fixes over 80 security issues

1.33K 0

September 2017 Android update

Google has released the September 2017 security update for its Android platform. The latest monthly patch fixes over 80 vulnerabilities that exist in the recent Android Open Source Project (AOSP) versions.

The September 2017 patch brings two level strings; the first level string fixes 30 vulnerabilities. Google has flagged 10 of them as critical, whereas the another 15 as high-security threats. The second level string, on the other hand, fixes a part of the first one. The first string is labeled as 2017-09-01, while the second one is named as 2017-09-05.

Google has confirmed that the vulnerabilities fixed in these two strings affecting a majority of Android versions, including Android Oreo. The most severe vulnerability fixed in the update is a remote code execution flaw. The vulnerability could let an attacker execute arbitrary code on an unmatched device using crafted files. The issue exists in all Android versions including the latest Oreo version. The company has fixed issues affecting Broadcom components with malicious WiFi driver signatures.

There are few critical fixes to the kernel and MediaTek patches for supported devices. Similarly, the update has patches for Wi-Fi, GPU and audio drivers powered by Qualcomm’s Snapdragon chipsets.

Google has immediately released the security patches to its flagship Nexus and Pixel models. Users of third-party manufacturers will have to wait until the manufacturer compiles an update for their device. The update notable comes in two independent strings to make it easier for Android partner manufacturers to fix a subset of vulnerabilities affecting their device range.