According to a security bulletin released by Google, millions of Android users around the world will receive the largest security fixes that has been ever compiled in a month. These critical patches will cover so many security vulnerabilities that they had to be divided under two different categories. The first patch comprises of more than 100 security vulnerabilities that are commonly found in most Android devices. The second patch comprises of fixes designed for the kernel components and hardware drivers that can be found in few selected devices.
The biggest ever critical patch for the Android users released this month targets six critical vulnerabilities found in Mediaserver, which is an Android component offering special privileges with images and video processing. It was found that a remote code execution vulnerability was capable of tricking the users to download or share corrupted media files on their devices. This bug was found to impact Android versions such as 4.4.4 KitKat and 7.1.2 Nougat.
Another critical issue was privilege vulnerability, which was found to be present in Android Framework API that allows apps to get custom user permissions. This bug affects Android 6.0 Marshmallow and Android 7.1.2 Nougat.
Apart from the above mentioned patches, the recent critical patch also includes solutions for the 8 high-risk vulnerabilities on Android platform, 5 moderate severity flaws and some less critical issues. Many of these vulnerabilities were found to be located in the Mediaserver component.
These critical patches are available for Nexus and Pixel devices. The owners of these devices will be able to get the complete patch in a few days or they may also download it directly from Google. The Android OEMs may distribute any of the updates to their end users.
It should be noted that Google only issues firmware updates for the recently supported Nexus and Pixel devices, while the full binary images are available on the official site. Google has made it clear that the company will not guarantee updates for Nexus 6 and Nexus 9 that were released in November 2014. Likewise, the new devices such as Pixel and Pixel XL will lose the guarantee after 2019.
Nexus devices usually get the security updates for at least 3 years from the time the device became available in the Google Store, or at least 18 months from the day Google Store last sold that device.
The complete patch level offer fixes for nearly 11 different critical security flaws that affect numerous drivers, libraries and boot loaders, along with fixes for the issues with low level of severity.