Patchday: Several remote code execution gaps in Android closed

Google has released secured versions of Android 8.0, 8.1, 9 and 10. Among other things, they closed critical security gaps.

If you have an Android smartphone from Google’s Pixel series, you should check the current version of the operating system in the settings and update it if necessary. Otherwise, attackers could in some cases attack devices remotely and take full control.

In addition to the security updates from this month, patch level 2019-11-01 also contains other older fixes. The patch level 2019-11-05 includes all previous updates. According to Google , Android partners have had access to the updates for more than a month so they can customize them for their devices.

In addition to Google, there are also monthly Android patch days at Samsung and Sony (see box on the right). In addition, the updates are also available in the Android Open Source Project (AOSP), Google writes in a security warning .

A total of eight gaps are rated as ” critical “. Four of them can be found in system components. Remote attackers could start there and, if an attack is successful, execute malicious code with elevated rights. The four remaining vulnerabilities affect Qualcomm components.

The other security gaps are marked ” high “. Due to weaknesses in the framework, a local app with malicious code could gain additional permissions under certain conditions. An attacker needs local access to exploit four kernel gaps. The execution of malicious code is also conceivable here.

Google has released additional security updates especially for its Pixel series. As can be seen from a warning message , none of the gaps are considered critical. It should be noted that the Pixel and Pixel XL series received security patches for the last time in October 2019. Support for Nexus devices has expired since the end of 2018. 

Leave a Reply

Your email address will not be published. Required fields are marked *