Security Being Updated Fixes From The Google Pixel

Google April Security Bulletin for Android is officially live now, the detailing some of the vulnerability and bug fixes that should be rolling out to the users or coustmer of the pixel pending finalization and release by OEMs and carriers. As has been the trend over to the past several of these updates, the fixes required in the initial security patch appear to be the diminished from the early days of the platform. But the same doesn’t hold true for the second monthly patch of the year, aimed more directly at component manufacturers.

For the April 1, 2019 patch level, there are only a total of three fixes in the terms of framework and media framework for Android. Those aren’t necessarily “low” on the severity front, with two fixes in the latter category rated at the “critical” and applying to every version of Android from 7.0 Nougat through the current version of Android 9 Pie. Both of those are listed as being problems potentially allowing for the remote code execution too and Google notes they’re the worst bug found at this time around.

The sole framework vulnerability only needs to patch up the older version of Android 8 Oreo and is a high-risk elevation of privileges issue.

At the system level, in the first of the month’s patches, each is rated at a high level of the risk and five of the eight patches will apply to versions Android 7.0 which is Nougat through Android 9 Pie version. Three more of those fixes apply only to Android 9 Pie. In terms of categorization, those vulnerabilities are nearly to be a dead or even split — potentially tying into either an illicit elevation of the privileges or information disclosure.

While there are only a total of eleven patches in the first of the monthly patches from the company Google, the second run of patches — April 5, 2019 — isn’t quite on the same level. These are patches more directly linked to components within a main handset such as the underlying software tied to Qualcomm’s radios or the processors of the android.

In fact, Qualcomm is bearing the brunt of this update with no fewer than 74 fixes being applied across its the main components. Each of those is rated at a high severity of risk or worse and the main head majority are found in the company’s closed-source to the new components. Of the 44 found on that side of things, six are rated at a critical the level.

For Qualcomm components that aren’t the closed source of the Pixel, all but one of the remaining 30 vulnerabilities has an impact on WLAN components. Just one of those is critical while the only fix left which is applies to a Qualcomm kernel and is rated at high severity.

For the April 1, 2019 patch level, there are only a total of three fixes in terms of framework and media framework for Android of the Pixel. Those aren’t necessarily “low” on the severity front, with two fixes in the latter category rated at “critical” and applying to every version of Android from 7.0 Nougat through the Android 9 Pie. Both of those are listed as being main problems potentially allowing for remote code execution too and Google notes they’re the worst bug found this time around.

The sole framework of the vulnerability only needs to patch up Android 8 Oreo and is a high-risk for the elevation of privileges issue.

At the system level, in the first of the month’s patches, each is rated at a high level of risk and five of the eight patches will apply easily to versions Android 7.0 Nougat through the new version Android 9 Pie. Three more of those fixes apply only to the Android 9 Pie. In terms of categorization, those vulnerabilities are nearly a dead even split in the — potentially tying into either an illicit elevation of privileges or information which cannot be disclosure.

While there are only a total of eleven patches in the first of the monthly patches from Google Pixel, the second run of patches — April 5, 2019 — isn’t quite on the same level as previous one. These are patches more directly linked to components within a handset such as the underlying software tied to Qualcomm’s radios or the processors.

In fact, Qualcomm is bearing the brunt of this update with no fewer than 74 fixes being applied across its main components. Each of those is rated at a high severity of risk or worse the component and the majority are found in the company’s closed-source to be the main components. Of the 44 found on that side of things, six are rated at a critical level.

For Qualcomm components that aren’t closed major source, all but one of the remaining 30 vulnerabilities has an impact on the WLAN components. Just one of those is critical while the only fix left applies to a Qualcomm kernel and is rated at high severity to the android.

The worst vulnerability spotted at the system level for Android and fixed in the second patch each version of Android since Android 7.o Nougat is relased and summarily allowed code to be executed remotely within the context of privileged processes. One high-level vulnerability associated with the new information disclosure is included for those versions too. The two remaining bugs are related to the main issues within the context of an elevation of privileges. One applies to Android 8.1 Oreo and current version Android 9 Pie while the other also applies to Android 8.0 Oreo.

Despite that there appear to be a wealth of Qualcomm fixes included in this every month’s security patches, the security of Android smartphones seems to have been improved over the past several updates. Not only is security itself getting better, as is to be expected from the every month patches. Most OEMs are additionally getting better about to rolling out the new updates.

That’s arguably thanks to changes in the search engine policies regarding to the use of its mobile OS reported near to the end of last year. Although that could always stand to be improved more and more , the area that seems to need the most attention now may not even be from OEMs but from component makers.-

Share

Leave a Reply

Your email address will not be published. Required fields are marked *