THE GOOGLE ANDROID OPERATING SYSTEM has been flushed with fixes as it makes its way into January 2017 and has had some 90 vulnerabilities addressed.
That is a lot. It is not surprising, we only just reported on the number of Android vulnerabilities being large, but it isn't great news. At least Google appears to be on top of the issues.
LG, a third party that offers handsets running Android, has reacted to the patches already. It says that they cover a mix of vulnerabilities and that at least one is very critical. Left unchecked it would allow for remote code execution, and no one wants that kind of threat live in their pocket.
"The January Security Bulletin contains the patches for the vulnerabilities from Google and LG. The most severe of these vulnerabilities is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files," said LG in its information.
"The security patch level is [2107-01-01] and the patches contains the fix for the CVE items and the 8 LVE items."
LG recommends all users update their devices to the latest version of the software. So do we.
Google said that the updates have been provided over the air and that this should be applied to handsets. It added that firmware updates have been released to the developer pages, and that Pixel and Nexus users should refer to their update schedule to check when they will get a fix. It said that while the things are bad on paper, there is no evidence of a real world threat.
"The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files," explained the firm.
"We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google service mitigations section for details on the Android security platform protections and service protections such as SafetyNet, which improve the security of the Android platform. We encourage all customers to accept these updates to their devices." µ
Home, Home on the strange
Team Red is prepping Navi for the budget GPU arena
Early-adopters beta be careful
China back in your hands