Update your Androids, the October patches are out

Share on Twitter
Share on Google+
Share on LinkedIn

Share on Reddit
It’s the beginning of the month, and that means Google has published its monthly security bulletin for Android devices, detailing all the vulnerabilities it has addressed in this month’s update. Though it’s not a long list of vulnerabilities, almost everything on it is rated High or Critical. (If you want to know what the formal severity ratings like Critical, High and Moderate actually mean take a look at Android’s Security Updates and Resources page.)
The Android bulletin has two patch levels, one for 1 October 2017 and another for 5 October 2017.
The first part of the bulletin notes that the most severe vulnerabilities are related to the Android Media Framework. The bulletin doesn’t detail the potential impact of each vulnerability it lists, though it says the most severe flaw in the Media Framework could allow arbitrary code execution within the “context of a privileged process.”
发现不出问题的漏洞评估没有任何意义,所以安全审核人员永远都会发现您的组织中存在的一些安全问题。
涉密人员必修课
The Media Framework, loosely put, is what processes images and videos to display them on the screen, and this isn’t the first it’s come up for patching – the July 2017 Android Bulletin also listed a number of Media Framework-related issues.
Some of the other vulnerabilities – again, details are a bit vaguely worded in the bulletin – would have allowed for privilege escalation, opening the door for malicious applications or the dreaded remote code execution. One of the Critical vulnerabilities, CVE-2017-0809, affects Android versions 4.4 all the way to 8.0.
It’s a similar story for the second part of the bulletin (5 October 2017), where everything’s either Critical or High. The few details in the bulletin also hint that these vulnerabilities could have allowed remote code executions if exploited.
New! Pixel and Nexus-specific security bulletins
Owners of the Google Pixel and Nexus devices should note that, as of October 2017, Google will publish a separate security bulletin for those devices, alongside the generic Android monthly update.
This first Pixel/Nexus bulletin contains a number of patch updates that, similar to the overall Android bulletin, largely fix issues within the Media Framework and hardware components. Unlike the overall Android bulletin though, the vast majority of these vulnerabilities are rated as Moderate.
The advice is, as always—for those that can—patch as soon as possible to benefit from these updates. If you’re a Google Pixel and Nexus user, you’re in luck as you should expect to receive all of these security updates within the next two weeks, so be sure to install them right away.
云计算也会带来安全方面的挑战,因此我们需要评估云服务提供商的能力,以便保护数据的保密性,可用性和完整性。我们也要了解云服务提供商如何处理来自多家客户的数据,以及如何管理第三方风险。

猜您喜欢

亨通光电:与国家信息安全工程中心共同出资设立亨通信
信息安全意识屏幕保护程序
网络安全法宣传片 002 国家网络安全的现状与重要性概述
国庆假期 郑州街头人烟稀少如“空城”
CNMI100 KOREANWARCASUALTIES
保密意识第一弹:准确定密并正确标识国家秘密