Nexus and Pixel proprietors gain their patches on US Tuesday. The remaining of us peasants have to wait.
Google has provoked 47 Android fixes for Nexus and Pixel devices.
Five consideration the media framework amongst the harmful bugs in the Android Security Bulletin, one of them is system-level, four-hit Qualcomm modules. Google declared it to be the worst, which is one of the media framework viruses, not yet entirely revealed, but it “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process”.
Two of the media framework viruses only mark Android 6.0 (31 per cent of active devices), one disturbs only Android 8.0 (0.3 per cent), one moves all versions between 7.0 and 8.0 (20.9 per cent), and the best prevalent is in the entire version after 6.0 (nearly 52 per cent of devices).
Google has not up till now declared publicly with the sort of such bugs, nor has it revealed the system-level bug that marks Android 7.0 ahead, elsewhere describing that “a proximate attacker” could “execute arbitrary code” (furthermore, susceptible versions could be forced over-the-air, any via WiFi, the cellular modem, or Bluetooth).
Among 3 out of the 4 bugs congenital from Qualcomm are have previously been exposed to the public. In CVE-2017-11043, there’s an integer excess in the numap procedure (part of the WiFi code); in CVE-2016-3706 and CVE-2016-4429, there’s an extra load in a UDP RPC module. Entire three could be distantly consumable.
A Qualcomm closed-source module is susceptible to the so far-to-be-revealed CVE-2017-6211.
The thirty seven of the bugs are regarded “High”, five of which are similarly Qualcomm-specific, and one upstream fix in the Linux kernel to go easy of an opportunity increasing bug.
More vendors in the mischievous corner contain MediaTek and Nvidia, with 3 susceptibilities each.
Pixel and Nexus firmware images are due December 5, source code fixes will land within forty-eight hours, US time, and the remaining of the world can, as normal, wait for fixes to proceed their tired way down via carriers and vendors to land as an over-the-air inform. Ultimately.