Android Vulnerabilities Patched

By Justin Cobbs on November 16, 2017


Last week, on November 6, Google released patches for several vulnerabilities in Android devices as part of its monthly security bulletin update. This month's patches address around 30 vulnerabilities, which Android’s advisory separates into three patch levels: 2017-11-01, 2017-11-05, and 2017-11-06. These levels patch the common vulnerability classes of remote code execution, elevation of privilege, and information disclosure, as well as the recent Key Reinstallation Attack (KRACK) vulnerability that affects the WiFi Protected Access 2 (WPA2) protocol. Patches for these vulnerabilities can also be found at the Android Open Source Project (AOSP) Google Git repository.

2017-11-01 patch 

Picture taken from Android

The first level Android posted in its monthly security bulletin addresses Elevation of Privilege (EoP), Remote Code Execution (RCE), and Information Disclosure (ID) vulnerabilities. These vulnerabilities are in Android’s Framework, Media Framework, and System. Each patch is listed in the picture above with its associated Common Vulnerabilities and Exposures (CVE) number and a link to the AOSP Git repository change that patches the vulnerability.

2017-11-05 patch 

list of CVEs
Picture taken from Android

The second level Android posted in its monthly security bulletin addresses EoP, RCE, and ID vulnerabilities. These vulnerabilities are in Android’s Kernel, MediaTek, NVIDIA, and Qualcomm system components. Each patch is listed in the picture above with its associated CVE number and a link to the AOSP Git repository change that patches the vulnerability.

2017-11-06 patch 

list of CVEs
Picture taken from Android

The third level Android posted in its monthly security bulletin addresses EoP vulnerabilities. These patches are in a separate level mainly because they specifically patch the recently disclosed KRACK vulnerability in systems that use WPA2. As with the other levels, each patch is listed in the picture above with its associated CVE number and a link to the AOSP Git repository change that patches the vulnerability.

Sources

Advisory and Article:

https://source.android.com/security/bulletin/2017-11-01

http://www.securityweek.com/google-patches-critical-bugs-android

Android Open Source Project:

https://source.android.com/