Google Tackles KRACK With December’s Android Bulletin

Google has patched 45 vulnerabilities in its latest security bulletin for Android devices and as usual, Google has delivered two patch levels associated with the latest update, designed to help OEMs select the most appropriate patches for them.

And the good news is that it seems that none of these vulnerabilities are currently being exploited in the wild.

Android Patches

First off is the patch dated 2017-12-01, which contains fixes for 19 vulnerabilities. The second patch, dated 2017-12-05, contains fixes for 28 flaws.

The patches are for Android vulnerabilities that range from high to critical. Of the ten critical patches, five concern the media framework, one is system-level, four are to do with Qualcomm components.

The most severe vulnerability in the 2017-12-01 concerns media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

December’s security updates also address the KRACK vulnerability that could allow attackers to access data from affected devices.

That flaw was discovered by a Belgian academic researcher in October.

He found the problem was with the protocol that secures most Wi-Fi transmissions that could allow attackers to listen in on users’ communications.

Monthly Updates

Google began rolling out monthly updates to fix Android flaws back in August 2015, as part of its efforts to improve Android’s patchy security reputation.

Meanwhile Google has also this week also begun rolling out Android Oreo 8.1 to the general public.

One of the most notable enhancements to the new OS is the inclusion of a Neural Networks API to bolster machine intelligence on mobile handsets.

Google had released Android 8.0 (Oreo) back in August, and that new mobile OS placed an emphasis on speed, security and multitasking.

Quiz: What do you know about Android?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Google Jarvis AI Extension Leaked On Chrome Store

Seemingly accidental leak reveals Google is developing Jarvis AI extension that can browse the web…

2 days ago

Amazon Mulls New Multi-Billion Dollar Investment In Anthropic – Report

Amazon is reportedly in talks to pump billions of dollars more into AI start-up Anthropic,…

3 days ago

FTX’s Caroline Ellison Begins Her Two Year Prison Sentence

Star witness for the US prosecution of FTX founder Sam Bankman-Fried, has begun her two…

3 days ago

More Layoffs For iRobot Staff After Abandoned Amazon Deal

After axing 31 percent of its workforce when it failed to be acquired by Amazon,…

3 days ago

Mozilla Foundation Confirms Layoffs, Eliminates Advocacy Division

Mozilla Foundation axes 30 percent of its staff, and is eliminating its Advocacy Division that…

3 days ago

Google To Make MFA Mandatory Next Year

Improving security. Mandatory multi-factor authentication (MFA) is coming to the Google Cloud by the end…

3 days ago